Two apps in the Google Play store have been identified as the source of malicious malware that has infected thousands of devices. The malware, however, can only be detected when the device is in motion, according to security research team, Trend Micro.
The malware is disguised in the apps, Currency Converter and BatterySaverMobi. Both appear to be legitimate, enforcing this appearance with fake 5-star reviews in some cases, but after installing download a popular banking Trojan known as Anubis.
The fake app will then launch a fake system update, which once done can give the malware access to your legitimate apps. Using these other apps, the circumvent your device by utilizing those with the permission to have access to your device, sending the information to the malware’s required command and control servers. Once the malware has control, the app logs the users banking information, either through a built-in key logger or through screenshots taken while the user inputs their banking credentials.
While many protection software is updated to protect against new threats, Anubis has found a way to hide within motion-detection software. By doing this, the malware only runs when the device is in motion, halting altogether when there is no movement. Trend Micro released a full write-up here , for those interested.
The best way to protect yourself from vicious applications is to take a few extra steps before downloading that new app. Double check and make sure that the developers are legitimate, and even if some are, make sure you’re downloading the right app, instead of just a third-party app made to look legit.
Having virus protection on your device can also be a significant step — just make sure that it’s also legitimate. Malware sometimes advertised as protection software can actually be the source of some of these attacks. While it’s difficult to spot some of these malicious apps, it remains that users must be vigilant about what they allow on their devices and the permissions are given to these apps.
Since Trend Micro’s information release of these malware applications, Google has removed them from its store. Users must remain diligent of what they allow access to potentially personal and devastating information.