Banking malware apps on Google Play used motion sensors to hide detection: Trend Micro | BGR India

The banking malware apps would only trigger when infected devices were moved.

  • Published: January 18, 2019 12:45 PM IST

Developers of malicious Android apps on the Google Play Store have been trying out new ways to avoid detection. Researchers have discovered that these developers used motion sensors to monitor infected devices before installing a banking trojan. The trick let the apps stay undetected when they were run in the emulators used to detect such malware.

The logic behind the trick is that the emulators used by security researchers and Google to screen apps submitted to the Play Store are less likely to use sensors, and malware detection takes place only while an app is running in a sandbox and being analyzed for threats. Two apps were recently caught dropping ‘Anubis banking malware’ on infected devices, and they would activate only when motion was detected. If no motion was detected, the trojan would remain inactive.
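A sandbox can narrow this gap by feeding its emulator synthetic motion. The following is an added example, not code from Trend Micro or the original article: it builds a reproducible accelerometer trace and renders it as Android emulator console `sensor set acceleration` commands. The function names, amplitudes and the 0.5 m/s² threshold are assumptions chosen for illustration.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, what a device lying still reports along one axis


def motion_trace(seconds, hz=10, seed=0):
    """Return (x, y, z) accelerometer samples imitating a hand-carried phone."""
    rng = random.Random(seed)  # seeded so every sandbox run replays the same trace
    samples = []
    for i in range(int(seconds * hz)):
        t = i / hz
        # Slow tilt (0.2 Hz) + walking bounce (2 Hz) + per-axis sensor noise.
        tilt = 0.35 * math.sin(2 * math.pi * 0.2 * t)
        bounce = 1.2 * math.sin(2 * math.pi * 2.0 * t)
        x = GRAVITY * math.sin(tilt) + rng.gauss(0, 0.15)
        y = GRAVITY * math.cos(tilt) + bounce + rng.gauss(0, 0.15)
        z = rng.gauss(0, 0.15)
        samples.append((round(x, 3), round(y, 3), round(z, 3)))
    return samples


def has_motion(samples, threshold=0.5):
    """Analyst-side sanity check: does any axis change by more than
    `threshold` m/s^2 between consecutive samples? (assumed threshold)"""
    return any(
        max(abs(a - b) for a, b in zip(prev, cur)) > threshold
        for prev, cur in zip(samples, samples[1:])
    )


def console_commands(samples):
    """Render samples as emulator console commands, one per sample."""
    return [f"sensor set acceleration {x:.2f}:{y:.2f}:{z:.2f}"
            for x, y, z in samples]


if __name__ == "__main__":
    # Constructed baseline: an emulator assumed to report a constant reading.
    idle = [(0.0, GRAVITY, 0.0)] * 50
    trace = motion_trace(5)
    print("idle emulator shows motion:", has_motion(idle))
    print("synthetic trace shows motion:", has_motion(trace))
    print("\n".join(console_commands(trace[:3])))
```

The commands are meant to be replayed into the emulator console at the trace's sample rate while the app under analysis is running.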

The two apps with the motion-activated dropper, Currency Converter and BatterySaverMobi, were spotted by security firm Trend Micro. While BatterySaverMobi had about 5,000 downloads on the Play Store, the number of Currency Converter downloads remains unknown. As soon as the malware apps were discovered, Google removed them.

Besides motion detection, these malicious apps also installed Anubis on the device, which used requests and responses over Telegram and Twitter to locate the required command and control server. “Then, it registers with the C&C server and checks for commands with an HTTP POST request. If the server responds to the app with an APK command and attaches the download URL, then the Anubis payload will be dropped in the background,” researcher Kevin Sun wrote on the Trend Micro blog.

The dropper would then try to trick users into installing apps by displaying a fake system update screen. And once the Anubis malware was installed, it would use the built-in keylogger to steal the credentials of users.

So, there are a few takeaways from such incidents. Firstly, hackers are improving the quality of malicious Android apps. Secondly, it is important to think carefully before you install apps on your device. Look for comments, app ratings and the developer, and if you’re in doubt, stay away from such apps. Lastly, try not to download and install apps from unknown sources. These tricks will help you stay safe from malware apps.
