steven36
Posted January 18, 2019

Researchers discovered 2 malicious Android apps on the Google Play Store that drop Anubis banking malware with advanced obfuscation techniques.

The malicious apps posed as legitimate tools with the names Currency Converter and BatterySaverMobi, and the attackers also posted a fake review and boasted a score of 4.5 stars.

The Google Play Store is continuously flooded with various malicious apps, including adware, spyware and malware, that target millions of Android users.

These new malicious apps were intended to be uploaded to the Google Play Store to infect Android users with Anubis banking malware.

Both apps had thousands of downloads, affecting users in various countries including Japan, Australia, the US, Italy and more.

Malicious Apps Discovered in Play Store

These malicious apps are just a little ahead of normal evasion techniques: they take advantage of users and their activities, using device motion in order to hide themselves.

Since the motion sensors are always running on an Android mobile, they consume a small amount of data, but the sandbox for scanning malware is an emulator with no motion sensors.

So the developer assumes that if there is no sensor, the app is running in a sandbox, so the app is immediately stopped using the “kill” command and the malicious code does not run.

Infection Process with Anubis Malware

Initial analysis of the payload indicates that the code is similar to the Anubis banking malware and that it connected to the C&C server on the Anubis-linked aserogeege.space domain.

Along with this, 18 other malicious domains are being operated under the same attacker's control, and the domains change IP addresses quite frequently.

Anubis malware basically poses as legitimate apps and steals the user's bank account information by requesting that permission to banking apps be granted.

Unlike other banking malware that launches a fake overlay screen and monitors user activity as they enter key inputs, Anubis malware is a little different in that it contains a built-in keylogger feature and can simply steal a user's account credentials by logging keystrokes.

Apart from this, it has the ability to take a screenshot of the victim's mobile in order to steal the user's data.

According to Trend Micro research: Our data shows that the latest version of Anubis has been distributed to 93 different countries and targets the users of 377 variations of financial apps to farm account details. We can also see that, if Anubis successfully runs, an attacker would gain access to contact lists as well as location.

It can also perform other malicious activities, including recording audio, sending SMS messages, making calls, and altering external storage. Anubis can use these permissions to send spam messages to contacts, call numbers from the device, and other malicious activities.

Source
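
Added example, not part of the original post or the cited research: a Python check that parses a decoded AndroidManifest.xml and reports which of the capabilities listed in the post above (contacts, location, audio recording, SMS, calls, external storage) an app requests. The permission-to-capability mapping, the threshold of 4, the helper names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: mapping from the capabilities named in the post to the Android
# permissions that grant them (the post itself lists no permission names).
CAPABILITY_BY_PERMISSION = {
    "android.permission.READ_CONTACTS": "read contact list",
    "android.permission.ACCESS_FINE_LOCATION": "read location",
    "android.permission.ACCESS_COARSE_LOCATION": "read location",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.WRITE_EXTERNAL_STORAGE": "alter external storage",
}

def requested_permissions(manifest_xml):
    """Collect android:name from <uses-permission> and <uses-permission-sdk-23>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def triage(manifest_xml, threshold=4):
    """Return (flagged, capabilities); threshold is a hypothetical cut-off."""
    perms = requested_permissions(manifest_xml)
    caps = sorted({CAPABILITY_BY_PERMISSION[p] for p in perms
                   if p in CAPABILITY_BY_PERMISSION})
    return len(caps) >= threshold, caps

def _manifest(package, permissions):
    """Build a constructed sample manifest (not taken from any real app)."""
    body = "".join(f'<{tag} android:name="android.permission.{p}"/>'
                   for tag, p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

UP, UP23 = "uses-permission", "uses-permission-sdk-23"
SUSPECT = _manifest("com.example.converter", [
    (UP, "INTERNET"), (UP, "READ_CONTACTS"), (UP, "ACCESS_FINE_LOCATION"),
    (UP, "RECORD_AUDIO"), (UP, "SEND_SMS"), (UP23, "CALL_PHONE")])
BENIGN = _manifest("com.example.notes",
                   [(UP, "INTERNET"), (UP, "WRITE_EXTERNAL_STORAGE")])

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml_text))
```
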

straycat19
Posted January 19, 2019

Really?!?! People install apps on the same phone that they then use for their banking? How dumb can you get? First off, do you really need those apps on your phone? Doesn't it come with enough junk already? And then, why would you use your phone to access financial accounts, since out of all internet-accessing devices, phones are the least secure? Stupid is as stupid does... Forrest Gump.

mikie
Posted January 19, 2019

Bank screwed up recently and dunned me $50 for a $30 check I wrote, and talking to their adjustments department, the lady was dumbfounded because I don't use online banking. She didn't know how to fix the error at first. They had to mail me in postal mail the adjustment receipt because I wouldn't give her my social security number to open an online banking account. Must have been a pain in the neck for her to do.

This topic is now archived and is closed to further replies.