Malicious apps hosted on the Google Play market are trying a clever trick to avoid detection: they monitor an infected device's motion-sensor input before installing a powerful banking trojan, to make sure it does not load on the emulators that researchers use to detect attacks.
The thinking behind the monitoring is that sensors on real end-user devices will record movement while people use them. In contrast, emulators used by security researchers
Security firm Trend Micro found the motion-checking dropper in two apps: BatterySaverMobi, which had about 5000 downloads, and a currency converter that had an unknown number of downloads. Google removed them after learning that they were malicious.
Motion detection was not the only clever feature of the malicious applications. Once one of the applications installed Anubis on a device, the dropper used requests and responses over Twitter and Telegram to find the required command-and-control server.
"It then logs on to the C&C server and checks for commands with HTTP POST," Trend Micro researcher Kevin Sun wrote. "If the server responds to the application with an APK command and attaches the download URL, then Anubis's payload will be dropped in the background." The dropper then attempted to trick users into installing the application using the fake system update shown below:
A fake system update designed to trick users into installing the Anubis banking trojan. (Image: Trend Micro)
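The dropper traits described above (a motion-sensor gate, a C&C lookup through Twitter and Telegram, and a background APK install) can be combined into a static triage rule that tells an analyst when a quiet emulator run should not be trusted. The sketch below is an added example, not code from Trend Micro or from the original article; the feature-record layout, the indicator lists and the sample apps are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumed indicators mirroring the behaviours the article describes;
# illustrative only, not taken from Trend Micro's report.
SENSOR_API = "android.hardware.SensorManager.registerListener"
INSTALL_PERMISSION = "android.permission.REQUEST_INSTALL_PACKAGES"
APK_MIME = "application/vnd.android.package-archive"
SOCIAL_HOSTS = ("twitter.com", "t.me", "telegram.org")


def triage(app):
    """Score one app's extracted static features (hypothetical record layout)."""
    strings = app.get("strings", [])
    hosts = {(urlparse(s).hostname or "").lower() for s in strings}
    signals = []
    if SENSOR_API in app.get("api_calls", []):
        signals.append("motion-listener")
    if INSTALL_PERMISSION in app.get("permissions", []) or APK_MIME in strings:
        signals.append("apk-install")
    if any(h == s or h.endswith("." + s) for h in hosts for s in SOCIAL_HOSTS):
        signals.append("social-lookup")

    # A motion listener plus the ability to install an APK means a quiet
    # emulator run proves nothing: the payload may be gated on movement.
    if "motion-listener" in signals and "apk-install" in signals:
        verdict = "high" if "social-lookup" in signals else "review"
        action = "re-run on a physical device or with replayed sensor data"
    else:
        verdict, action = "low", "standard emulator run"
    return {"verdict": verdict, "signals": signals, "action": action}


# Constructed sample records, not real apps.
SAMPLES = {
    "utility": {
        "permissions": [INSTALL_PERMISSION, "android.permission.INTERNET"],
        "api_calls": [SENSOR_API],
        "strings": ["https://twitter.com/example_account", APK_MIME],
    },
    "pedometer": {
        "permissions": ["android.permission.ACTIVITY_RECOGNITION"],
        "api_calls": [SENSOR_API],
        "strings": ["https://example.com/privacy"],
    },
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, triage(record))
```

A motion listener on its own, as in the pedometer record, stays at low; the rule escalates only when it appears together with the ability to install an APK.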
Once Anubis is installed, it uses a built-in keylogger that can steal users' account credentials. The malware can also get credentials by taking screenshots of infected users' screens. Sun continued:
Our data shows that the latest version of Anubis was distributed in 93 different countries and is targeted at users of 377 financial applications to farm account details. We can also see that if Anubis successfully launches, the sender will have access to the contact lists as well as the location, and will also be able to record audio, send SMS messages, make calls, and alter the external memory. Anubis can use these permissions to spam contacts, call numbers from the device, and carry out other malicious activities. Previous studies by security firm Quick Heal Technologies have shown that Anubis versions even function as a breakthrough.
The researcher provided the following screenshot showing some of the financial applications Anubis targets:
There are two lessons from the report. The first is that the quality of malicious Android apps is improving. The second is that Android users must continue to think carefully before downloading and installing applications on their devices. The apparent benefit of the two now-removed applications was minimal. People are better off sticking to a small number of applications from well-known developers.