Security researchers from Trend Micro recently uncovered a piece of Android malware known as Anubis that managed to slip into the Google Play Store with a bit of creativity. The malware was found in two separate applications, though neither was widely downloaded.
The way the applications got onto the Google Play Store is genuinely clever. To avoid detection by the emulators that app stores use to spot malware-like behavior, the malicious apps were uploaded to the Google Play Store but stayed dormant unless motion was detected. Once motion was detected, the payload would spring into action.
This is remarkably clever, with Trend Micro noting:
The malware developer is assuming that the sandbox for scanning malware is an emulator without any motion sensors, and as such will not produce that kind of data. If that holds true, the developer can figure out whether the app is running in a sandbox environment by merely checking for sensor data.
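For an analysis-sandbox operator, the practical counter to this trick is to feed the emulator a realistic accelerometer stream so a motion-gated sample cannot tell it apart from a phone in someone's pocket. The following is an added example, not code from Trend Micro or from the malware: it builds a constructed walking-like stream, scores it the way a motion gate plausibly would (variance of acceleration magnitude), and emits the `sensor set acceleration x:y:z` lines for the Android emulator console, whose exact syntax is assumed here rather than taken from the page.

```python
import math
import random

GRAVITY = 9.81  # m/s^2: a phone lying still reports roughly this on one axis


def synthetic_motion(n_samples, hz=50.0, seed=0):
    """Constructed accelerometer samples resembling a phone carried while walking:
    gravity on z, a ~2 Hz step oscillation leaking into all axes, plus sensor noise."""
    rng = random.Random(seed)
    samples = []
    for i in range(n_samples):
        t = i / hz
        step = 1.5 * math.sin(2 * math.pi * 2.0 * t)  # ~2 steps per second
        samples.append((
            0.3 * step + rng.gauss(0.0, 0.05),
            0.2 * step + rng.gauss(0.0, 0.05),
            GRAVITY + step + rng.gauss(0.0, 0.05),
        ))
    return samples


def motion_score(samples):
    """Variance of the acceleration magnitude. A stock emulator that reports a
    constant vector (or nothing at all) scores ~0; a carried phone scores well above."""
    if not samples:
        return 0.0
    mags = [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]
    mean = sum(mags) / len(mags)
    return sum((m - mean) ** 2 for m in mags) / len(mags)


def looks_like_real_device(samples, threshold=0.05):
    """The kind of gate a motion-triggered sample applies; used here only to verify
    that the injected stream would pass it before the sample runs in the sandbox."""
    return motion_score(samples) > threshold


def emulator_console_commands(samples):
    """One console line per sample. Assumed syntax of the Android emulator console
    command 'sensor set acceleration x:y:z'; check it against your emulator version."""
    return [f"sensor set acceleration {x:.3f}:{y:.3f}:{z:.3f}" for x, y, z in samples]


if __name__ == "__main__":
    idle = [(0.0, 0.0, GRAVITY)] * 100          # what an untouched emulator looks like
    walking = synthetic_motion(200)
    print("idle passes gate:", looks_like_real_device(idle))        # False
    print("synthetic passes gate:", looks_like_real_device(walking))  # True
    print("\n".join(emulator_console_commands(walking[:3])))
```

Replaying the generated lines into the emulator console at the chosen sample rate during detonation removes the "no sensor data" signal the sample relies on; the gate function doubles as a regression check that the stream is still convincing after any tuning.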
The two applications found to contain the malware were posing as useful utility apps, one a currency converter and the other a battery monitoring tool. Both apps carried favorable reviews, though it stands to reason that the vast majority of those reviews were fake.
The good news is that Google eventually discovered the apps before they became too popular. The battery app, for example, had been downloaded only 5,000 times before Google caught on and pulled the plug.
As for the malware itself, it is particularly nasty. Once activated, users are presented with a seemingly legitimate overlay of a banking splash page and are asked to enter their credentials. All the while, the keystrokes are being logged. Trend Micro adds that Anubis can also steal sensitive credentials and user information by stealthily taking a screenshot of the user's display.
Trend Micro has a lot more detail on how the malware operates here.