Malicious apps found on the Google Play Store have been secretly monitoring the motion sensors of Android devices in order to avoid detection. The apps check for motion so that they are not detected in the emulators researchers use, and only then install the banking Trojan.
Usually, the emulators used by security researchers or the Google employees who screen apps do not make use of sensors. This led to the idea of monitoring the device's motion sensor: the malware only runs once motion is detected.
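For analysts, the practical countermeasure is to make the analysis emulator report motion. The following is an added example, not code from Trend Micro or from the original article: it builds a seeded, walking-like accelerometer trace and formats it as Android Emulator console `sensor set acceleration` commands. The amplitudes, frequencies and function names are assumptions chosen for illustration, and delivering the commands to the emulator console is left to the sandbox harness.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, resting reading on the z axis of a device lying flat


def handheld_trace(seconds=5.0, rate_hz=10, seed=1):
    """Return (x, y, z) accelerometer samples resembling a phone carried while walking."""
    rng = random.Random(seed)  # seeded so a sandbox run is reproducible
    samples = []
    for i in range(int(seconds * rate_hz)):
        t = i / rate_hz
        # Assumed model: ~2 Hz step bounce on z, slower sway on x/y, small sensor noise.
        x = 0.6 * math.sin(2 * math.pi * 1.0 * t) + rng.gauss(0, 0.05)
        y = 0.4 * math.sin(2 * math.pi * 0.5 * t + 1.0) + rng.gauss(0, 0.05)
        z = GRAVITY + 1.2 * math.sin(2 * math.pi * 2.0 * t) + rng.gauss(0, 0.05)
        samples.append((round(x, 3), round(y, 3), round(z, 3)))
    return samples


def console_commands(samples):
    """Format samples as emulator console 'sensor set acceleration x:y:z' lines."""
    return [f"sensor set acceleration {x}:{y}:{z}" for x, y, z in samples]


def is_static(samples, tolerance=0.01):
    """True if no reading moves more than tolerance from the first one.

    A sandbox whose recorded trace is static looks like an idle emulator,
    so samples gated on motion would not run their payload in it.
    """
    first = samples[0]
    return all(abs(a - b) <= tolerance for s in samples for a, b in zip(s, first))


if __name__ == "__main__":
    trace = handheld_trace()
    print("static trace:", is_static(trace))
    for line in console_commands(trace)[:5]:
        print(line)
```

Running `is_static` over the sensor values a sandbox actually reported during a run is a quick check that the environment would not have been dismissed as an emulator on motion grounds alone.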
Trend Micro, a security intelligence firm, caught two Google Play apps using the malware. One of them is BatterySaverMobi, with around 5000 downloads, and the second is Currency Converter, which does not show any download numbers. Google has since taken both down from the app store.
These malicious apps do more than detect motion before installing Anubis on the victim's device. Responses over Twitter and Telegram were also used to look for the command-and-control (C&C) server. Kevin Sun, a researcher at Trend Micro, states that the apps then register with the C&C server and check for commands through an HTTP POST request. If the server responds to the app with an APK command along with a download URL, the Anubis payload is dropped in the background. The app then tricks users into installing it by persuading them that they are updating the system.
If Anubis is installed successfully, the attacker can easily gather the victim's personal data. According to Sun, contacts and locations can be detected. Moreover, the attacker can send messages, make phone calls or record audio through the compromised device.
Android users are advised to be careful when installing any app from the Google Play store, and to prefer apps from credible developers over those from unknown ones.