A never-before-seen malware-dropper, Clast82, fetches the AlienBot and MRAT malware in a savvy Google Play campaign aimed at Android users. The dropper was disguised in benign apps, which don t fetch a malicious payload until they have been vetted and cleared by Google Play Protect. Researchers found that for each application, the actor created a new developer user for the Google Play store, along with a corresponding code repository in GitHub. Each application writeup up used the same Policy page, which in turn linked to the same GitHub repository.
Source: https://threatpost.com/google-play-malware-spy-trojans/164601/