Apps designed to steal users' banking data found in Google Play

Trend Micro, founded in 1988, develops antivirus software and security solutions for hybrid cloud, network security, small business and endpoint protection. The company found two malicious applications in Google Play that steal users' banking data: the currency converter Currency Converter and the application BatterySaverMobi. Both have since been removed from Google Play, but the second was downloaded 5,000 times, which is quite a lot.

The listing of the battery-saver app showed positive reviews and 71 ratings with an average of 4.5 stars. Once again, reviews prove to be no indicator of an app's quality, and Google needs to do something about it. Trend Micro studied the apps and found that their code is very similar to the code of the Anubis banking malware. In addition, the applications connected to the server aserogeege.space, which was associated with Anubis. Besides aserogeege.space, they included 18 domains that all point to a single server, 47.254.26.2. This IP address changed fairly often and may have been replaced 6 times in October.
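Because many domains share one server whose address rotates, a DNS log hunt should pivot on both the domain and the IP. The sketch below is an added example, not code from Trend Micro or the original article; the four-field log format and every sample entry other than aserogeege.space and 47.254.26.2 are constructed assumptions.

```python
# Added example: hunt resolver logs for the infrastructure named in the article.
from collections import defaultdict

KNOWN_DOMAINS = {"aserogeege.space"}  # server domain named in the article
KNOWN_IPS = {"47.254.26.2"}           # shared server IP named in the article

# Constructed sample log (assumed format: timestamp client qname answer).
SAMPLE_LOG = """\
2019-01-10T08:00:01Z 10.0.0.5 updates.example 198.51.100.7
2019-01-10T08:00:02Z 10.0.0.5 aserogeege.space 47.254.26.2
2019-01-10T08:03:10Z 10.0.0.9 sibling-one.example 47.254.26.2
2019-01-10T09:15:44Z 10.0.0.9 sibling-one.example 203.0.113.50
2019-01-10T09:20:00Z 10.0.0.7 unrelated.example 203.0.113.99
malformed line
"""

def parse(line):
    """Return (ts, client, qname, answer), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, answer = parts
    return ts, client, qname.lower().rstrip("."), answer

def hunt(log_text, domains=KNOWN_DOMAINS, ips=KNOWN_IPS):
    """Map client -> [(ts, qname, answer, reason)] for suspicious lookups.
    A domain seen resolving to a known IP joins the watch set, so it is still
    flagged after the server's IP address rotates."""
    watched = set(domains)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, qname, answer = rec
        if answer in ips:
            reason = "known-domain" if qname in watched else "shares-known-ip"
            watched.add(qname)
        elif qname in watched:
            reason = "watched-domain-new-ip"
        else:
            continue
        hits[client].append((ts, qname, answer, reason))
    return dict(hits)

if __name__ == "__main__":
    for client, events in hunt(SAMPLE_LOG).items():
        for event in events:
            print(client, *event)
```

Clients that appear in the result queried the named domain, a domain sharing its server, or such a domain after its address changed.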

How do the applications avoid detection?

The malware's developer assumed that a malware-scanning sandbox is an emulator without motion sensors, so the malicious code runs only when the smartphone is in motion. This allows it to avoid detection.

After the check, a fake window appears on the screen asking the user to install an update. In fact, what gets installed runs in the background: the malware is a keylogger that tracks every tap on the screen and can take screenshots. In addition, Anubis gets access to contacts and geolocation; it can record audio, send SMS messages, make calls and control the device's storage.
