New Android Malware Apps Use Motion Sensor to Evade Detection
Despite Google's many efforts to keep malware out of its Play Store, shady apps have somehow managed to fool its anti-malware protections and get into the service to infect Android users with malware.
Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have already downloaded them with banking malware.
The apps in question masquerade as a currency exchange app called Currency Converter and a battery saver app called BatterySaverMobi, and use motion-sensor inputs of infected Android devices to monitor them before installing a dangerous banking Trojan called Anubis.
The malicious Android apps, with a large number of fake five-star reviews, use this clever trick instead of traditional evasion techniques in order to avoid detection when researchers run emulators (which are less likely to use sensors) to detect such malicious apps.
Not Just Motion Detection…There’s More
If the user approves the fake system update, the in-built malware dropper uses requests and responses over legitimate services including Twitter and Telegram to connect to its required command and control (C&C) server and downloads the Anubis banking Trojan on the infected device.
Once a device is compromised, the Anubis banking Trojan obtains users’ banking account credentials either by using a built-in keylogger or by taking screenshots of the users’ screen when they enter credentials into any banking app.
Usually, banking Trojans launch a fake overlay screen on the top of bank account login pages to steal banking credentials.
According to the Trend Micro researchers, the latest version of Anubis has been distributed to 93 different countries and targets users of at least 377 variations of financial apps to extract bank account details.
The banking Trojan also has the ability to gain access to contact lists and location, send spam messages to contacts, call numbers from the device, record audio, and alter external storage.
Google has since removed the two malicious apps from its Play Store. Although it is a never-ending concern, the best way to protect yourself from such malware is to always be vigilant when downloading applications, even from Google’s official Play Store.
Most importantly, be careful which apps you give administrative rights to, as it is a powerful permission that can provide full control of your device.
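One way to act on that advice before installing an app is to audit its decoded AndroidManifest.xml for the capabilities listed above and for a device-administrator component. The following is an added example, not code from Trend Micro or the original article; the permission-to-capability mapping, the review threshold, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to Anubis, mapped to the Android
# permissions that gate them (the mapping is this example's assumption).
CAPABILITY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "read contact list",
    "android.permission.ACCESS_FINE_LOCATION": "read location",
    "android.permission.ACCESS_COARSE_LOCATION": "read location",
    "android.permission.SEND_SMS": "send messages",
    "android.permission.CALL_PHONE": "call numbers",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.WRITE_EXTERNAL_STORAGE": "alter external storage",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

def audit_manifest(manifest_xml):
    """Return the sorted capabilities a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name in CAPABILITY_PERMISSIONS:
                found.add(CAPABILITY_PERMISSIONS[name])
    # A device-admin component is a receiver protected by BIND_DEVICE_ADMIN.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN:
            found.add("device administrator")
    return sorted(found)

def needs_review(manifest_xml, threshold=3):
    """Flag device-admin requests or an (assumed) threshold of capabilities."""
    caps = audit_manifest(manifest_xml)
    return "device administrator" in caps or len(caps) >= threshold

# Constructed sample: a "battery saver" manifest, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batterysaver">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
```

A utility app such as a currency converter or battery saver that trips this check deserves a closer look before it is installed or granted administrative rights.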