Wednesday, January 23, 2019

New Malware Apps in the Android Store are Using Motion Detection to Evade Discovery

Google’s Play Store is still fighting off some rather scurrilous entries. Researchers at Trend Micro, a security firm, noticed two apps that use a rather unusual way to avoid detection.
The apps are “Currency Converter” and “BatterySaverMobi”. The first, obviously, masquerades as a currency converter, while the other promises to extend your device’s battery life. While they appear innocent enough, both are droppers for a banking Trojan called “Anubis”.
Here’s what happens next:
Once installed, the malicious app uses the infected device's motion sensor to detect whether the device (and so its user) is moving. If the device is still, the malicious code does not run. That is the point of the trick: malware analysis sandboxes and emulators typically report no motion at all, so under automated inspection the app looks benign.

As soon as it detects motion, the app runs the malicious code and tries to trick the victim into downloading and installing the Anubis payload APK, disguised as a bogus system update, a "stable version of Android."
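To make the gate concrete, here is an added example (my own code, not the apps' code or anything from Trend Micro's report) that models the motion check over constructed accelerometer traces: a stock emulator that reports a constant reading, a real phone lying idle on a table (sensor noise only), and a phone carried by a walking user. The window size, the threshold and the noise figures are assumptions chosen to illustrate the idea, not values recovered from the malware.

```python
"""Model of a motion-sensor sandbox-evasion gate (added example, not the malware's code).

The dropper only proceeds when the device appears to be moving. Emulators
and analysis sandboxes usually feed a constant accelerometer value, so a
simple 'how much does the acceleration magnitude vary?' test separates
them from a phone in someone's pocket.
"""
import math
import random
from typing import Iterable, List, Tuple

Sample = Tuple[float, float, float]   # accelerometer x, y, z in m/s^2
GRAVITY = 9.81                         # what a flat, still device reports on one axis
DEFAULT_THRESHOLD = 0.3                # assumed: std-dev of |a| (m/s^2) above which we call it "moving"


def magnitude(s: Sample) -> float:
    """Length of the acceleration vector; independent of device orientation."""
    return math.sqrt(s[0] ** 2 + s[1] ** 2 + s[2] ** 2)


def motion_score(samples: Iterable[Sample]) -> float:
    """Sample standard deviation of |a| over the window.

    A device that is not moving (or an emulator feeding a constant value)
    scores at or near zero; walking produces a periodic bounce of ~1 m/s^2.
    """
    mags = [magnitude(s) for s in samples]
    if len(mags) < 2:
        return 0.0
    mean = sum(mags) / len(mags)
    var = sum((m - mean) ** 2 for m in mags) / (len(mags) - 1)
    return math.sqrt(var)


def motion_gate(samples: Iterable[Sample], threshold: float = DEFAULT_THRESHOLD) -> bool:
    """True means 'device is moving': the condition under which the dropper runs its payload."""
    return motion_score(samples) >= threshold


# --- constructed traces (synthetic data, not captured from any device) ---

def emulator_trace(n: int = 50) -> List[Sample]:
    """Stock emulator: the same reading every time, no noise at all."""
    return [(0.0, 0.0, GRAVITY)] * n


def idle_device_trace(n: int = 50, seed: int = 1, sigma: float = 0.05) -> List[Sample]:
    """Real phone lying on a table: gravity plus a little sensor noise, but no movement."""
    rng = random.Random(seed)
    return [(rng.gauss(0, sigma), rng.gauss(0, sigma), GRAVITY + rng.gauss(0, sigma))
            for _ in range(n)]


def walking_trace(n: int = 50, seed: int = 2) -> List[Sample]:
    """Phone carried by a walking user: gravity plus a periodic bounce plus noise.

    This is also the kind of trace a sandbox would have to inject (not just
    random noise) if it wanted the dropper to proceed under analysis.
    """
    rng = random.Random(seed)
    out = []
    for i in range(n):
        bounce = 1.5 * math.sin(i / 4.0)          # ~1.5 m/s^2 step cadence
        out.append((rng.gauss(0, 0.2), rng.gauss(0, 0.2),
                    GRAVITY + bounce + rng.gauss(0, 0.1)))
    return out


def classify(samples: Iterable[Sample]) -> str:
    """Human-readable verdict for a trace: what the dropper would do with it."""
    return "run payload" if motion_gate(samples) else "stay dormant"


if __name__ == "__main__":
    for name, trace in (("emulator", emulator_trace()),
                        ("idle phone", idle_device_trace()),
                        ("walking user", walking_trace())):
        print(f"{name:13s} score={motion_score(trace):.3f} -> {classify(trace)}")
```

Two things worth noticing: the idle phone also fails the gate, which matches the report's "if both the device and user are still" wording, and a sandbox that merely adds noise to a constant reading does not get past it either. Defeating the check requires replaying plausible movement, which is why analysis environments that do not synthesize sensor data never see the second stage.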

Not Just Motion Detection...There's More

If the user approves the fake system update, the built-in dropper uses requests and responses to legitimate services, including Twitter and Telegram, to locate its command-and-control (C&C) server, and then downloads the Anubis banking Trojan onto the infected device.
Once Anubis is on your device, it tries to steal your banking credentials either by taking screenshots or with its built-in keylogger, both of which are triggered whenever a banking app is opened.
The Trojan can also read your contact list and location, send spam messages to your contacts, place calls from the device, record audio, and alter external storage.
Google has since removed both apps from the Play Store. It is a never-ending concern, and the best protection against this kind of malware is to stay vigilant when installing applications, even from Google's official Play Store.
Most importantly, be careful which apps you grant device-administrator rights, since that permission can give an app near-total control of your device.
To be forewarned is to be forearmed...