Smart malware sneaks its way into Android phones, uses motion sensor data to remain hidden

A known malware, named Anubis, has managed to sneak its way through a couple of simple apps on the Google Play Store through a series of evasive maneuvers. Now, before we begin, we'd like to state that Google has found and nuked the apps, so there's some good news right there.
The carrier apps in question were a simple Battery Saver and a Currency Converter. Before being taken down, the former had accumulated just over 5,000 downloads and about 70 reviews. As you can expect, however, said reviews were probably fake, as their text made little sense and they were posted by anonymous users (you know the type).
In order to remain hidden, the malware would do absolutely nothing unless it detects that the phone's motion sensors are generating data. The idea behind that? Well, some malware detectors will simulate an Android environment and run the target app in it in order to see if it does something fishy. The malware developer figured that such fake "Android sandboxes" won't be generating any motion sensor data since they are not actually on user-held devices. So, the trojan apps in question were made to wait for such data before they execute their malicious code.
Then, the apps send a notification to the user, concealed either as a Telegram or a Twitter invitation of sorts. However, that's simply a download link in disguise. Tapping on it will, sooner or later, trigger a download that's masquerading as a standard Android update. Accepting the latter finally opens the door and invites the Anubis malware in.
So, just a reminder — be careful what you download on your phone and definitely think thrice before sideloading stuff as well.
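The motion-sensor gating described above can be checked from the defender's side: if a sandbox's accelerometer feed is empty or flat, a sample that waits for motion will simply stay dormant and look clean. This is an added example, not code from the article or from any vendor's tooling; the function names, thresholds and sample traces are assumptions constructed for illustration.

```python
import math
import random
from statistics import mean, pstdev

GRAVITY = 9.81      # m/s^2, magnitude a resting accelerometer reports
MIN_SAMPLES = 20    # assumed minimum number of events for a verdict
MIN_JITTER = 0.02   # assumed noise floor for a hand-held device, m/s^2
MAX_G_ERROR = 3.0   # assumed tolerance around gravity, m/s^2


def assess_trace(samples):
    """Classify accelerometer samples [(x, y, z), ...] from an analysis run.

    Returns one of:
      "no_data"   - too few events; a motion-gated sample stays dormant
      "synthetic" - constant readings or a magnitude far from gravity
      "plausible" - gravity-scale magnitude with visible per-axis jitter
    """
    if len(samples) < MIN_SAMPLES:
        return "no_data"
    if len(set(samples)) == 1:
        return "synthetic"
    mags = [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]
    # Largest standard deviation across the x, y and z columns.
    axis_jitter = max(pstdev(axis) for axis in zip(*samples))
    if axis_jitter < MIN_JITTER or abs(mean(mags) - GRAVITY) > MAX_G_ERROR:
        return "synthetic"
    return "plausible"


def constructed_traces(seed=7):
    """Constructed sample inputs, not captured from any real device."""
    rng = random.Random(seed)
    constant = [(0.0, 9.81, 0.0)] * 200   # flat feed from a simulated sensor
    handheld = [(rng.gauss(0.3, 0.4), rng.gauss(9.6, 0.5), rng.gauss(1.2, 0.4))
                for _ in range(200)]      # jittery feed around gravity
    return {"empty": [], "constant": constant, "handheld": handheld}


if __name__ == "__main__":
    for name, trace in constructed_traces().items():
        print(f"{name:9s} -> {assess_trace(trace)}")
```

A run that comes back `no_data` or `synthetic` means a clean verdict from that sandbox says little about apps that wait for motion before acting.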