Android apps contain malicious code that uses motion sensors to avoid detection

The sad fact is that after many efforts by Google to isolate the Play Store from malware, malicious applications somehow find new ways to deceive measures. malware prevention ...

Android apps contain malicious code that uses motion sensors to avoid detection

The sad fact is that after many efforts by Google to isolate the Play Store from malware, malicious applications somehow find new ways to deceive measures. Advanced malware prevention and access to Google services to spread malicious code to Android users.

Recently, two typical malicious applications on Play Store have been debunked by senior security experts of Trend Micro's security research group, and at the same time they discovered that there were thousands Android users have downloaded and installed these two malware, which means the risk of spreading new malicious code on thousands of different devices.

Android apps contain malicious code that uses motion sensors to avoid detection Picture 1

These new malware-containing applications include a currency converter called Currency Converter, and a battery-optimized app called BatterySaverMobi.Worse, these malicious Android apps are trusted by many users to install on their devices because they use a lot of fake five-star reviews.Specifically, the malicious code on these two applications uses the motion sensor of infected Android devices to monitor and hide before automatically installing a dangerous Trojan named Anubis.This clever trick is more dangerous than the traditional stealth techniques commonly found on known types of malicious code in that they can hide in a separate piece of hardware like a motion sensor to avoid being detected when The researchers ran the emulator (using less sensors) to scan those malicious applications.

Android apps contain malicious code that uses motion sensors to avoid detection Picture 2

773 million emails, 21 million passwords were revealed on the Internet, this is the largest personal data leak in history

"When users move, their device often generates a motion sensor data. These malware developers assume that the sandbox used to scan for malware is an emulator. there is no motion sensor and therefore, it is not possible to create such kind of data In this case, security experts can determine whether the application is running in the sandbox environment by examining the data. The sensor " , researchers from security research group Trend Micro explained in a blog post published last Thursday.

Once downloaded and installed, the malicious application will use the device's motion sensor to detect whether the user or device is moving to adjust malicious and malicious behavior. avoid detection from users as well as security applications.

Then, as soon as the sensor data is accessible, the application will run malicious code and try to trick victims into downloading and installing malicious Anubis APKs through bogus system updates. , hide the ball as a "stable update version of Android".

If the user agrees to download a fake system update, the integrated malware spreaders will use requests and responses to legitimate services including Twitter and Telegram . to link connect to its required command and control server (C&C), and automatically download the Anubis Trojan on the infected device.

"One of the ways application developers use to hide malicious servers is to encrypt it in Telegram and Twitter website requests. The malware driver will ask for feedback with Telegram. or Twitter on the device that is running, then it automatically connects to the C&C server and checks the commands with the HTTP POST request.If the server responds to the application with the APK command and attaches the download URL, then Anubis will be 'dropped into' in the device's background launcher, " the researchers explained.

After being spread in the background, Anubis Trojan will obtain the user's bank account login information by using the integrated keylogger or taking a screenshot of the user when they insert any login information. Any banking application.

According to Trend Micro researchers, the latest version of Anubis has been spread to 93 different countries and targeted users of at least 377 financial application variants to extract detailed information. about their bank account.

New malware uses Google Drive as a command-and-control server

Not only that, the Trojan also has the ability to access contacts and location lists, send spam messages to contacts, save the number of calls on the device, and record voice calls and change sets. remember outside.

Android apps contain malicious code that uses motion sensors to avoid detection Picture 3

In the latest move, Google removed two malicious applications from Play Store.However, as the Internet has grown, security issues have become much more complicated.So, instead of relying on the behavior of security service providers or experts, the best way to protect yourself against such malicious software is to be vigilant when downloading applications. Even from reputable services such as Google Play Store, and more importantly, be cautious about applications that require you to provide administrative rights by simple means that you have granted Take full control of your device for that application.

See more:

Malware and user security bugs are found in top free VPN applications
Google paid a fine of 50 million euros after allegedly violating the General Data Protection Act in France
MySQL vulnerabilities allow malicious servers to steal data from customers
Microsoft shook hands with VirusTotal in resolving malicious code issues that affected MSI files

Series of Android applications contain malicious code you should remove immediately from your device
cybersecurity researchers have discovered many android apps containing adware and information-stealing malware on the google play store.
How to detect malicious apps on Android
installing applications outside of google play is often potentially risky, making users more likely to steal personal data and money. therefore, the detection of malicious applications on android phones will help you distinguish what will be a safe application, where the application contains malicious code, thereby minimizing the download of dangerous applications. security and protection of android devices become safer.
Detects many malicious Android applications that hide icons themselves to make it harder to uninstall
threat researchers at australia-based sophoslabs have found 15 android apps, apparently doing nothing but displaying ads on the device. these programs have product names and descriptions from qr readers to photo editors.
Most Android anti-virus software cannot detect malicious APK files
apk file containing malicious code is a method that hackers often use to attack android users. unlike ios, android users can download and install apps from third-party app stores or download the app's apk file and install it themselves.
Mass Logger: Keylogger is extremely dangerous with the ability to change the world of malicious code
mass logger regularly updates and adds new features to avoid detection.
Appearing dangerous Android malicious code specializing in stealing chat content on Facebook Messenger, Skype ...
a type of malware that has a package name is com.android.boxa that can steal users' private chat data on current messaging applications such as facebook messenger, skype, etc., by experts from the company. network security trustlook detected on android operating system.
10 million Android devices are preinstalled with malicious code from the factory
bad guys have compromised with the manufacturer to install malicious code on the device.
Google 'purged' 24 applications downloaded nearly 500,000 times containing malicious malware
csis security group found a total of 24 android apps on google play that contained malicious malware.
Detect new malicious code to attack Android device
symantec has discovered a new security threat, dubbed android.fakeneflic, that can exploit security holes on the android device's popular netflix application.
14 games on the App Store contain malicious code, iPhone users be careful
security researchers wandera recently discovered 14 games linked to a server once used to control malware golduck that made the android world chaotic last year.
How to turn off sensors on an Android phone
your phone is your most private property today. it's always there, listening, watching everything you do. however, you can turn these sensors off to avoid eavesdropping or peeping situations.
Malware Judy attacked more than 36.5 million Android phones
malicious code judy now attacks 36.5 million android users through dozens of malicious applications and games with the judy brand.