Security researchers recently spotted two Android apps infected with banking malware on the Google Play Store. The apps had already been installed on thousands of Android devices, exposing the users who downloaded them to the banking malware, and sported dozens of fake five-star ratings.
New Android Malware Apps Use Motion Sensor to Evade Detection
The Trend Micro malware research team linked the malware payload found in the two apps in question, which masquerade as a currency exchange app called Currency Converter and a battery saver app called BatterySaverMobi, to a dangerous banking Trojan called Anubis.
The apps use the device's motion sensors to detect whether they have been installed in a malware analysis sandbox, in which case their malicious behaviour is stopped in its tracks. With the help of a fake system update screen and a large number of counterfeit five-star reviews, the malicious apps try to trick users into granting them administrator privileges by authorizing the fake update.
The built-in malware dropper contacts its C&C server using HTTP POST requests. It relies on the motion-sensor trick, rather than traditional evasion techniques, to avoid detection when researchers run emulators.
Once the Anubis banking Trojan lands on the compromised device, it starts collecting banking information using a built-in keylogger module or by taking screenshots when the user enters credentials into banking apps. Once the app detects sensor data, it runs the malicious code and then tries to trick victims into downloading and installing the malicious Anubis payload APK with a bogus system update.
The Trojan also has the ability to take advantage of contact lists and location, send spam messages to mobile phone numbers from the device, record audio, and alter external storage. As discovered by Trend Micro's researchers, the Anubis Trojan has been observed attacking three hundred seventy-seven different banking applications from ninety-three countries all over the globe, with banks like Santander, RBS, NatWest and Citibank, as well as non-banking apps such as Amazon, eBay and PayPal, in its list of targets.
The fact that multiple malware campaigns distributing apps infected with Anubis downloaders have previously been removed from the Google Play Store is proof of the skill of the actors behind them at successfully hiding their malware from Google Play's defenses. Be careful which apps you grant permission rights to, since those rights can provide full control of your device.