Malware Apps On Google Play Store Now Avoid Detection With Motion Sensors

Dhir Acharya - Jan 19, 2019



Researchers discovered two malware apps that used motion sensors to avoid detection. Google later removed these apps.

Those who create malicious apps for Android users on the Google Play Store are seeking new methods to avoid detection.

Researchers have discovered that, before a banking Trojan is installed on a phone, these apps first monitor the device with its motion sensors. As a result, such apps can avoid being detected when emulators are run to search for malware.


Developers have turned to this approach because normally, the emulators that Google and researchers use to screen apps submitted on Google Play Store don’t use sensors.

Malware detection occurs in only one case: when an app is under threat analysis and running in a sandbox. Recently, two apps were found to be dropping the ‘Anubis’ banking malware on infected devices; the apps’ dropper activates only when it senses motion. If it doesn’t detect any motion, the Trojan stays inactive.
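For analysts who run their own emulator sandbox, the gap described above can be narrowed by feeding the emulator a moving accelerometer trace. The following is an added example, not code from Trend Micro or from this article; it assumes the stock Android emulator console command `sensor set acceleration x:y:z`, and the function names, noise levels and threshold are illustrative assumptions.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, magnitude a resting accelerometer reports


def handheld_trace(seconds, hz=10, seed=0):
    """Constructed accelerometer samples resembling a phone held in a hand:
    a slow wrist tilt plus small random tremor on each axis."""
    rng = random.Random(seed)
    samples = []
    for i in range(int(seconds * hz)):
        t = i / hz
        tilt = 0.25 * math.sin(2 * math.pi * 0.3 * t)  # radians
        x = GRAVITY * math.sin(tilt) + rng.gauss(0, 0.15)
        y = GRAVITY * math.cos(tilt) + rng.gauss(0, 0.15)
        z = rng.gauss(0, 0.15)
        samples.append((x, y, z))
    return samples


def looks_static(samples, threshold=0.05):
    """True when no axis moves more than `threshold` m/s^2 across the trace,
    which is what an emulator with untouched sensors reports."""
    if len(samples) < 2:
        return True
    return all(max(axis) - min(axis) <= threshold for axis in zip(*samples))


def console_commands(samples):
    """Render samples as Android emulator console commands, one per sample."""
    return [f"sensor set acceleration {x:.3f}:{y:.3f}:{z:.3f}"
            for x, y, z in samples]


if __name__ == "__main__":
    default_emulator = [(0.0, GRAVITY, 0.0)] * 50  # sensors never touched
    print("default emulator looks static:", looks_static(default_emulator))
    trace = handheld_trace(seconds=5)
    print("generated trace looks static:", looks_static(trace))
    # Send each line to the emulator console, pacing them 1/hz seconds apart.
    for line in console_commands(trace)[:5]:
        print(line)
```

Running `looks_static` over the sensor log of an existing sandbox shows whether a sample that waits for motion would ever see any.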

The two apps in question are BatterySaverMobi and Currency Converter, which security company Trend Micro spotted. There is no information on how many times Currency Converter has been downloaded, but BatterySaverMobi has counted around 5,000 downloads. No sooner were the malware apps discovered than Google deleted them from its Play Store.


According to researcher Kevin Sun, apart from detecting motion, the apps also installed Anubis on the phone, using requests and responses via Twitter and Telegram to locate the required command and control (C&C) server. He wrote on the Trend Micro blog that Anubis, after being installed, will register with the C&C server and check for commands with an HTTP POST request. If the server responds with an APK command and a download URL attached, Anubis will drop its payload in the background.


Next, the dropper will show a fake system update screen that tricks users into installing apps. Once users have installed the Anubis malware, it will make use of the keylogger built into the device and start stealing users' data.

Given such incidents, a few tips are worth noting to avoid being hacked:

  1. Attackers are getting better and better at developing malicious Android apps.
  2. Think twice before installing any apps on your device.
  3. Avoid downloading and installing apps from unknown sources.
