
2 Android Apps From Google Play Store Launching Banking Malware With Sophisticated Evasion Techniques


steven36


Researchers discovered 2 malicious Android apps on the Google Play Store that drop Anubis banking malware with advanced obfuscation techniques.

The malicious apps posed as legitimate tools with the names Currency Converter and BatterySaverMobi, and the attackers also posted a fake review and boasted a score of 4.5 stars.

The Google Play Store is continuously flooded with various malicious apps, including adware, spyware and malware, that target millions of Android users.

These new malicious apps were intended to be uploaded to the Google Play Store to infect Android users with Anubis banking malware.

Both apps had thousands of downloads that affected users in various countries, including Japan, Australia, the US, Italy and more.

Malicious Apps Discovered in Play Store

These malicious apps are just a little ahead of normal evasion techniques and are taking advantage of users and their activities in order to hide them using device motion.

Since the motion sensors are always running on an Android mobile, they consume a little amount of data, but the sandbox for scanning malware is an emulator with no motion sensors.

So the developer assumes that if there is no sensor then the app is running under the sandbox, so the app will immediately be stopped by using the “kill” command and the malicious code will not run.

Infection Process with Anubis Malware

Initial analysis of the payload indicates that the code is similar to the Anubis banking malware, and it connected to the C&C server, with Anubis linked to the aserogeege.space domain.

Along with this, 18 other malicious domains are being operated under the same attacker's control, and the domains change IP addresses quite frequently.

Anubis malware basically poses as legitimate apps and steals the user's bank account information by requesting to grant permission to banking apps.

Unlike other banking malware that launches a fake overlay screen and monitors the user's activities when they enter key inputs, Anubis malware is a little different in that it contains a built-in keylogger feature and can simply steal a user's account credentials by logging the keystrokes.

Apart from this, it has the ability to take a screenshot of the victim's mobile in order to steal the user's data.

According to Trend Micro research, "Our data shows that the latest version of Anubis has been distributed to 93 different countries and targets the users of 377 variations of financial apps to farm account details. We can also see that, if Anubis successfully runs, an attacker would gain access to contact lists as well as location."

It can also perform other malicious activities, including recording audio, sending SMS messages, making calls, and altering external storage. Anubis can use these permissions to send spam messages to contacts, call numbers from the device, and other malicious activities.

Source
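The sensor check followed by a "kill" that the article above describes leaves a static trace that an analyst can look for. As an added example (not part of the original post or of the research it cites), this Python triage script scans apktool-style smali for classes that both call the motion-sensor API and terminate the process; the class names and smali snippets are constructed for illustration, and the choice of method references is an assumption about how such a check is typically written.

```python
import re

# Real Android framework method references as they appear in smali.
SENSOR_REFS = (
    "Landroid/hardware/SensorManager;->getDefaultSensor(I)",
    "Landroid/hardware/SensorManager;->getSensorList(I)",
    "Landroid/hardware/SensorManager;->registerListener(",
)
KILL_REFS = ("Landroid/os/Process;->killProcess(I)V",
             "Ljava/lang/System;->exit(I)V")
METHOD_RE = re.compile(r"^\.method\s+(.*?)$(.*?)^\.end method", re.M | re.S)

def methods_calling(smali, refs):
    """Names of methods whose invoke-* instructions hit any reference."""
    hits = []
    for header, body in METHOD_RE.findall(smali):
        invokes = [ln for ln in body.splitlines() if ln.strip().startswith("invoke-")]
        if any(ref in line for line in invokes for ref in refs):
            hits.append(header.split()[-1].split("(")[0])
    return hits

def triage(classes):
    """Flag classes that both touch motion sensors and kill the process."""
    flagged = {}
    for name, smali in classes.items():
        sensor, kill = methods_calling(smali, SENSOR_REFS), methods_calling(smali, KILL_REFS)
        if sensor and kill:
            flagged[name] = {"sensor": sensor, "kill": kill}
    return flagged

# Constructed sample input (hypothetical class names, hand-written smali).
SAMPLE = {
    "com/example/converter/Main": """
.method protected onCreate(Landroid/os/Bundle;)V
    invoke-virtual {v0, v1}, Landroid/hardware/SensorManager;->getDefaultSensor(I)Landroid/hardware/Sensor;
    invoke-static {v3}, Landroid/os/Process;->killProcess(I)V
.end method
""",
    "com/example/pedometer/StepService": """
.method public onStart()V
    invoke-virtual {v0, p0, v1, v2}, Landroid/hardware/SensorManager;->registerListener(Landroid/hardware/SensorEventListener;Landroid/hardware/Sensor;I)Z
.end method
""",
    "com/example/util/CrashHandler": """
.method public uncaughtException(Ljava/lang/Thread;Ljava/lang/Throwable;)V
    invoke-static {v0}, Ljava/lang/System;->exit(I)V
.end method
""",
}
```

Sensor use and process termination are each common in legitimate apps, so a hit from `triage(SAMPLE)` is a reason to review the class by hand, not a verdict.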



Really?!?!  People install Apps on the same phone that they then use for their banking?  How dumb can you get.  First off, do you really need those apps on your phone, doesn't it come with enough junk already.  And then, why would you use your phone to access financial accounts, since out of all internet accessing devices, phones are the least secure.  Stupid is as stupid does...Forrest Gump.



Bank screwed up recently and dunned me $50 for a $30 check I wrote & talking to their adjustments department the lady was dumbfounded because I don't use online banking.  She didn't know how to fix the error at first.  They had to mail me in postal mail the adjustment receipt because I wouldn't give her my social security number to open an online banking account.  Must have been a pain in the neck for her to do.



Archived

This topic is now archived and is closed to further replies.
