A known malware, named Anubis, has managed to sneak its way through a couple of simple apps on the Google Play Store through a series of evasive maneuvers. Now, before we begin, we'd like to state that Google has found and nuked the apps, so there's some good news right there.
The carrier apps in question were a simple Battery Saver and a Currency Converter. Before being taken down, the former had accumulated just over 5,000 downloads and about 70 reviews. As you can expect, however, said reviews were probably fake, as their text made little sense and they were posted by anonymous users (you know the type).
Anubis' trojan horses
In order to remain hidden, the malware would do absolutely nothing unless it detected that the phone's motion sensors were generating data. The idea behind that? Well, some malware detectors will simulate an Android environment and run the target app in it in order to see if it does something fishy. The malware developer figured that such fake "Android sandboxes" wouldn't be generating any motion sensor data, since they are not actually running on user-held devices. So, the trojan apps in question were made to wait for such data before executing their malicious code.
Then, the apps send a notification to the user, disguised as either a Telegram or a Twitter invitation of sorts. However, that's simply a download link in disguise. Tapping on it will, sooner or later, trigger a download that's masquerading as a standard Android update. Accepting the latter finally opens the door and invites the Anubis malware in.
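The motion-sensor gate described above is why a quiet sandbox run is not the same as a clean one. As an added example (not from the original article or any real sandbox product), the Python below triages constructed run traces; the event schema, the helper names and the verdict labels are assumptions.

```python
# Added example. Traces are constructed; the event schema is hypothetical.
MOTION = {"TYPE_ACCELEROMETER", "TYPE_GYROSCOPE"}
REGISTER = "SensorManager.registerListener"  # real Android API the hook is assumed to log

def api(t, sensor):
    return {"t": t, "kind": "api", "name": REGISTER, "sensor": sensor}

def sample(t, values):
    return {"t": t, "kind": "sensor", "sensor": "TYPE_ACCELEROMETER", "values": values}

# Emulator with a static accelerometer: the app subscribes, then stays silent.
EMULATOR_RUN = [api(0.4, "TYPE_ACCELEROMETER"),
                sample(1.0, (0.0, 9.81, 0.0)), sample(2.0, (0.0, 9.81, 0.0))]

# Same app with recorded handheld motion replayed into the sandbox.
REPLAY_RUN = [api(0.4, "TYPE_ACCELEROMETER"),
              sample(1.0, (0.1, 9.70, 0.3)), sample(2.0, (0.4, 9.62, -0.2)),
              {"t": 2.6, "kind": "notification", "title": "constructed: chat invitation"},
              {"t": 9.1, "kind": "download", "label": "constructed: fake system update"}]

def motion_was_live(trace):
    """True when the run delivered at least two differing motion samples."""
    seen = {e["values"] for e in trace
            if e["kind"] == "sensor" and e["sensor"] in MOTION}
    return len(seen) >= 2

def triage(trace):
    """Return 'review', 'inconclusive' or 'no-activity' for one sandbox run."""
    behaviour = [e for e in trace if e["kind"] not in ("api", "sensor")]
    if behaviour:
        return "review"            # something observable happened: analyse it
    subscribed = any(e["kind"] == "api" and e["name"] == REGISTER
                     and e["sensor"] in MOTION for e in trace)
    if subscribed and not motion_was_live(trace):
        return "inconclusive"      # gate never exercised: rerun with motion replay
    return "no-activity"

if __name__ == "__main__":
    for name, run in (("emulator", EMULATOR_RUN), ("replay", REPLAY_RUN)):
        print(name, triage(run))
```

The point of the "inconclusive" verdict is that an app which subscribes to motion data and then does nothing on a motionless emulator has not been tested at all, so it should be rerun with realistic sensor input before being called benign.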
Anubis is a nasty thing to have on your phone
What does Anubis do? Pretty nasty stuff, really — unlike other malware that will simply put a fake overlay on your screen and hope to get a glimpse of your credentials, Anubis is a straight-up keylogger. That means it can collect and record every keystroke you make on your virtual keyboard. To top it off, it can take screenshots of whatever you have up on your display at any time. Anubis has already spread to 93 different countries and is hard at work, building a — we imagine — pretty respectable database of account details. Reportedly, it's mostly interested in banking details — credit card numbers, e-banking login credentials, et cetera. You know, the stuff that you don't want anyone to know.
So, just a reminder — be careful what you download on your phone and definitely think thrice before sideloading stuff as well.