A new Android Remote Access Trojan (RAT), dubbed ‘Cellik’, has been found leveraging the Google Play Store as a distribution channel. This malicious software poses a significant threat to Android users by disguising itself within seemingly legitimate applications, allowing it to bypass Google Play Store’s security checks and infect devices.

Once installed, Cellik grants attackers extensive remote control over the compromised Android device, enabling data theft and surveillance. This method of distribution highlights the ongoing challenges in policing app marketplaces against sophisticated malware.

How Cellik Operates and Spreads

Cellik operates by embedding its malicious code within benign-looking applications that are then uploaded to the Google Play Store. These apps often mimic popular utilities or games to attract a wide user base. Once a user downloads and installs an infected app, Cellik gains access to various device functions, including contacts, messages, call logs, and potentially even camera and microphone access, depending on the permissions granted. The RAT establishes a covert communication channel with its command-and-control server, allowing attackers to exfiltrate data and issue commands remotely, all while remaining largely undetected by the average user.

Protecting Android Devices from RATs like Cellik

To protect against Android RATs like Cellik, users should exercise extreme caution when downloading new applications, even from official stores like Google Play. Always scrutinize app reviews, developer information, and requested permissions before installation. Granting excessive permissions to an unfamiliar app can open doors for malware. Additionally, regularly reviewing installed apps and uninstalling those that are no longer used or appear suspicious is a good practice. Keeping the Android operating system and all installed applications updated to their latest versions also helps patch known vulnerabilities that malware might exploit.

Source: https://www.darkreading.com/threat-intelligence/cellik-android-rat-lEveragEs-google-play-store