Google has eliminated eight malicious Android apps from its Play store that were designed to steal money from online financial accounts or hijack smartphones, according to a new report from Israeli security firm Check Point.
The apps listed below snuck into Google Play through the front door. According to Check Point, these apps did not appear malicious at the time they were evaluated by Google's malicious app screening process. Once a user installs one of the apps, Check Point says, it switches to communicating with GitHub, a code-sharing platform owned by Microsoft that allows anyone to contribute software and other content. Each app hides "droppers" to install more software, and these droppers downloaded the AlienBot banking trojan from a separate GitHub page dedicated to each app. (An independent researcher from MalwareHunterTeam also posted about this on Twitter in late January.)
Check Point describes AlienBot as "second-stage malware that targets financial applications by bypassing the two-factor authentication code of financial services".
In other words, once installed, AlienBot steals online banking passwords and bypasses the two-factor authentication (2FA) method that prevents the use of stolen passwords.
According to Check Point, AlienBot often installs the Android version of TeamViewer, a legitimate app for remotely controlling smartphones (or computers). Once TeamViewer was installed, the creator of the fake app could log into the victim's bank account at any time.
"Hackers were able to bypass the protections of the Google Play store by leveraging readily available resources. The victims thought they were downloading a harmless utility app from the official Android Market, but what they actually got was a dangerous Trojan horse targeting their financial accounts," said Aviran Hazum, a Check Point researcher.
Check Point said it notified Google about these malicious apps on January 28, and Google confirmed on February 9 that all apps had been removed from Google Play.
Many people may still have these apps installed on their devices. Below is a chart showing each app's name and unique Android application ID, which is important because Android apps often share identical or very similar names.
To verify that these apps are not installed, scroll through the apps and see if any have names similar to those above.
If so, go to Settings > Apps and Notifications. You may need to tap an additional button to see all apps at once.
Scroll down to the suspicious app and tap on it. On the app's screen, tap Details, then tap App Details.
Go directly to the app's page in Google Play Apps. Tap the three dots in the upper right corner of the Google Play Apps page and tap Share.
A fly-out window will appear at the bottom of the screen with the web address (URL) of the app's Google Play store page.
The last part of that URL after the equals sign is the app's application ID.
For example, if you search for the Facebook Android app on Google Play, the URL is "https://play.google.com/store/apps/details?id=com.facebook.katana". The application ID for the Facebook app is "com.facebook.katana".
If any of your apps match the application ID in the table above, you will need to remove them.
To exit the fly-out window of the app's Google Play page, tap the Back button. Then tap Uninstall to remove the app.
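The same check done in bulk, as an added example that is not part of the original article: it pulls the application ID out of a Google Play share URL and matches a device's package list against a blocklist by exact ID rather than by app name. The blocklist entries are constructed placeholders, the function names are illustrative, and the package list is constructed sample text in the `package:<id>` format printed by `adb shell pm list packages`.

```python
from urllib.parse import urlparse, parse_qs

# Constructed placeholder IDs; substitute the application IDs from the report's table.
BLOCKLIST = {
    "com.example.placeholder.app1",
    "com.example.placeholder.app2",
}

# Constructed sample of `adb shell pm list packages` output.
SAMPLE_PM_OUTPUT = """\
package:com.facebook.katana
package:com.example.placeholder.app2
package:com.example.placeholder.app2.helper
"""


def app_id_from_play_url(url):
    """Return the application ID from a Google Play share URL, or None."""
    parsed = urlparse(url.strip())
    if parsed.hostname != "play.google.com":
        return None  # not a Play store link, so do not trust its id parameter
    ids = parse_qs(parsed.query).get("id", [])
    # Exactly one id parameter is expected; other parameters (e.g. hl) are ignored.
    return ids[0] if len(ids) == 1 else None


def ids_from_pm_output(text):
    """Collect application IDs from 'package:<id>' lines."""
    prefix = "package:"
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix):
            found.add(line[len(prefix):])
    return found


def flagged(installed_ids, blocklist=BLOCKLIST):
    """Exact match on application ID; similar names or ID prefixes do not count."""
    return sorted(set(installed_ids) & set(blocklist))


if __name__ == "__main__":
    print(app_id_from_play_url(
        "https://play.google.com/store/apps/details?id=com.facebook.katana"))
    print(flagged(ids_from_pm_output(SAMPLE_PM_OUTPUT)))
```
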