Two apps, Currency Converter and BatterySaverMobi, have been found dropping the Anubis malware payload on more than 5,000 devices; Google has removed both of them.
Japanese IT security company Trend Micro has claimed that it has found two malicious apps which drop wide-reaching banking malware. These two apps were found to be disguised as useful tools, simply named Currency Converter and BatterySaverMobi. The discovery of malicious apps on Google Play Store is not new, but what matters is that these apps are removed from the platform. In this case as well, Google has confirmed that both these apps are no longer on the Play Store.
Trend Micro says that the battery app was downloaded more than 5,000 times before it was taken down, and boasted a score of 4.5 stars from 73 reviewers. “However, a close look at the posted reviews show signs that they may not have been valid; some anonymous usernames were spotted and a few review statements are illogical and lack detail,” the company claims. These apps dropped a malicious payload, the banking malware known as Anubis.
After the analysis of the payload, Trend Micro says that it found the code is strikingly similar to already known Anubis samples. The firm saw that it connects to a command and control (C&C) server with the domain aserogeege.space, which is also linked to Anubis. The Anubis malware shows itself as a safe app and prompts the user to grant it accessibility rights, and also tries to steal account information.
These apps do not use traditional evasion techniques such as extended sleep; instead, they use the user's and the device's motion to hide their activities. Anubis, a sandbox-evading malware, has a built-in keylogger that can steal a user's account credentials by logging keystrokes. The malware can also take a screenshot of the infected user's screen, which is another way to get the victim's credentials.
Sandbox-evading malware is a new type of malware that can recognize if it’s inside a sandbox or virtual machine environment. These malware infections don’t execute their malicious code until they’re outside of the controlled environment.
As a user moves, their device usually generates some amount of motion sensor data. The malicious app monitors the user’s steps through the device motion sensor. “If it [the app] senses that the user and the device are not moving, then the malicious code will not run. If the malicious code runs, then the app will try to trick the users into downloading and installing its payload APK with a fake system update,” the security company noted.
Trend Micro says that the latest version of Anubis has been distributed to 93 different countries and targets the users of 377 variations of financial apps to farm account details. If Anubis successfully runs, an attacker can gain access to contact lists and location, and can record audio, send SMS messages, make calls, and alter external storage. Anubis can also send spam messages to contacts, call numbers from the device, and even function as ransomware.
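A static triage check for the capability set described above, as an added example that is not from Trend Micro or the original article: it reads a decoded AndroidManifest.xml (for example as produced by apktool) and flags an app that declares an accessibility service while requesting several of the listed permissions. The permission mapping, the threshold, the package names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions matching the capabilities the article lists, plus the one needed
# to install a dropped APK. The mapping and threshold are assumptions.
RISKY = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.WRITE_EXTERNAL_STORAGE": "alter external storage",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install dropped APK",
}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml, threshold=3):
    """Flag a manifest that declares an accessibility service and requests
    at least `threshold` of the risky permissions above."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = sorted(RISKY[p] for p in requested if p in RISKY)
    a11y = any(s.get(ANDROID + "permission") == BIND_A11Y
               for s in root.iter("service"))
    return {"package": root.get("package"), "capabilities": hits,
            "accessibility_service": a11y,
            "flag": a11y and len(hits) >= threshold}

# Constructed sample manifests (hypothetical package names).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPICIOUS = f"""<manifest {NS} package="com.example.batterytool">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper" android:permission="{BIND_A11Y}"/>
  </application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(triage_manifest(sample))
```

A flag here is a prompt for manual review, since legitimate apps can also combine an accessibility service with these permissions.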