Smart malware sneaks its way into Android phones, uses motion sensor data to remain hidden

A known malware, named Anubis, has managed to sneak its way through a couple of simple apps on the Google Play Store through a series of evasive maneuvers. Now, before we begin, we'd like to state that Google has found and nuked the apps, so there's some good news right there.

The carrier apps in question were a simple Battery Saver and a Currency Converter. Before being taken down, the former had accumulated just over 5,000 downloads and about 70 reviews. As you can expect, however, said reviews were probably fake, as their text made little sense and they were posted by anonymous users (you know the type).


In order to remain hidden, the malware does absolutely nothing unless it detects that the phone's motion sensors are generating data. The idea behind that? Well, some malware detectors simulate an Android environment and run the target app in it to see if it does something fishy. The malware developer figured that such fake "Android sandboxes" won't be generating any motion sensor data, since they are not actually running on user-held devices. So, the trojan apps in question were made to wait for such data before they execute their malicious code.

Then, the apps send a notification to the user, disguised as either a Telegram or a Twitter invitation of sorts. However, that's simply a download link in disguise. Tapping on it will, sooner or later, trigger a download that's masquerading as a standard Android update. Accepting the latter finally opens the door and invites the Anubis malware in.
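For analysts, the sensor gate described above can be exposed by running a sample twice, once motionless and once with synthetic motion readings fed to the sandbox, and diffing the two traces. The sketch below is an added example, not code from the article or from any sandbox product; the trace format, the watch list and every sample line are constructed for illustration.

```python
# Added example: differential sandbox triage for sensor-gated behaviour.
# The log format, watch list and sample traces are constructed for illustration.
import re

LINE = re.compile(r"t=(?P<t>[\d.]+)\s+api=(?P<api>\S+)(?:\s+arg=(?P<arg>.*))?$")

# Hypothetical watch list: calls worth flagging when they appear only under motion.
SENSITIVE = {"NotificationManager.notify", "PackageInstaller.createSession",
             "URL.openConnection"}

def parse(log):
    """Return a list of (time, api, arg) tuples from a sandbox trace."""
    events = []
    for line in log.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((float(m["t"]), m["api"], m["arg"] or ""))
    return events

def sensor_gated(idle_log, motion_log):
    """Compare a motionless run with a run that was fed motion readings.

    Returns the sensitive calls seen only in the motion run, provided the app
    registered a sensor listener before them; otherwise an empty list.
    """
    idle_seen = {(api, arg) for _, api, arg in parse(idle_log)}
    motion = parse(motion_log)
    registered = [t for t, api, _ in motion
                  if api == "SensorManager.registerListener"]
    if not registered:
        return []  # no listener, so the difference is not sensor-driven
    first = min(registered)
    return [(t, api, arg) for t, api, arg in motion
            if api in SENSITIVE and (api, arg) not in idle_seen and t > first]

IDLE_RUN = """
t=0.4 api=SensorManager.registerListener arg=TYPE_ACCELEROMETER
t=1.1 api=URL.openConnection arg=https://rates.example/latest
"""
MOTION_RUN = """
t=0.4 api=SensorManager.registerListener arg=TYPE_ACCELEROMETER
t=1.1 api=URL.openConnection arg=https://rates.example/latest
t=9.8 api=NotificationManager.notify arg=title=Invitation
t=15.2 api=PackageInstaller.createSession arg=name=update.apk
"""

if __name__ == "__main__":
    for t, api, arg in sensor_gated(IDLE_RUN, MOTION_RUN):
        print(f"{t:6.1f}s  {api}  {arg}")
```

A non-empty result means the app behaves differently once motion data arrives, which is a reason to escalate the sample for manual review rather than proof of malice on its own.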

What does Anubis do? Pretty nasty stuff, really — unlike other malware that will simply put a fake overlay on your screen and hope to get a glimpse of your credentials, Anubis is a straight-up keylogger. That means it can collect and record every keystroke you make on your virtual keyboard. To top it off, it can take screenshots of whatever you have up on your display at any time. Anubis has already spread to 93 different countries and is hard at work, building a — we imagine — pretty respectable database of account details. Reportedly, it's mostly interested in banking details — credit card numbers, e-banking login credentials, et cetera. You know, the stuff that you don't want anyone to know.

So, just a reminder — be careful what you download on your phone and definitely think thrice before sideloading stuff as well.

19 Comments

1. RebelwithoutaClue unregistered

The article doesn't describe how this app will prompt the user to grant it accessibility rights and without this permission, it won't work. Neither battery saver nor currency converter needs this. But good thing it's removed.

2. maherk

Posts: 6769; Member since: Feb 10, 2012

Check their feed for today, it's nothing but negative articles about Android.

3. Peaceboy

Posts: 640; Member since: Oct 11, 2018

Well, nothing new as it is what the android garbages we’re experiencing the whole time. Getting a cheap phone and free apps has been always an idiotic move. Do you also wonder why government agencies didn’t even bother to target android phones security and privacy matter? Oh well. They don’t need to hire expensive agencies to brute such matter.

8. RebelwithoutaClue unregistered

Haha like clockwork the Apple trollboy is here. Was wondering where our village idiot was :)

13. sissy246

Posts: 7065; Member since: Mar 04, 2015

LMFAO So true, lol

12. Vancetastic

Posts: 1097; Member since: May 17, 2017

Good grief...can you translate that into a recognizable language, please?

14. RebelwithoutaClue unregistered

He doesn't use Google translate because you know....Google

16. Vancetastic

Posts: 1097; Member since: May 17, 2017

I feel like I lost seven to ten IQ points trying to read his comment.

9. RebelwithoutaClue unregistered

They don't try fact checking it seems. On an article about WearOS 2.3, they quoted a Redditor as a source for the changelog and it was obviously sarcasm and they totally missed that.

15. maherk

Posts: 6769; Member since: Feb 10, 2012

I wouldn't be surprised if they offered peaceboy a job and he was the one writing all these articles.

19. sissy246

Posts: 7065; Member since: Mar 04, 2015

LOL, wouldn't surprise me at all.

11. sissy246

Posts: 7065; Member since: Mar 04, 2015

Yep And then we have peaceboy, lol

4. bucknassty

Posts: 1325; Member since: Mar 24, 2017

that's probably why people should take a second to look at what permissions you are granting each app.... but just like this article insinuates, android is just full of malware and bad s**t so whatever.... ALL HAIL IOS!!!!!!!!!!!!

6. blingblingthing

Posts: 943; Member since: Oct 23, 2012

So what about the malware iOS removed from their store?

18. bucknassty

Posts: 1325; Member since: Mar 24, 2017

from the average IQ of people... apple still can not get malware... all you have to do is just tell people something.... they will believe it!

7. paul.k

Posts: 293; Member since: Jul 17, 2014

The article insinuates nothing of the sort.

17. sissy246

Posts: 7065; Member since: Mar 04, 2015

Pretty sure he wasn't talking about in this article. IOS has removed malware before. https://www.thedailybeast.com/apple-confirms-malware-found-in-apps

5. blingblingthing

Posts: 943; Member since: Oct 23, 2012

Masquerade as a phone update? Are people still falling for this crap?

10. RebelwithoutaClue unregistered

Remember that the average smartphone user (either Android or iOS) isn't at all tech-savvy. You and I can tell the difference, but most users can't.
