A new sort of smartphone malware was discovered that only activates while the host phone is in motion. This malware utilizes the phone’s motion sensors to trick malware-detecting software into thinking it is something like a fitness app, tracking steps, activity, etc. Most malware-detecting software only looks for malware that’s sending signals when the user isn’t normally active on the phone – as such, it ignores an app that’s only working while the phone is in motion.
The idea is slick, really. The malicious activity the app is initiating is beside the point. The way the malware works its way around detection – that’s the interesting part here. Imagine this sort of situation in any other time in history – it just wouldn’t make sense. This is a brand new sort of combination of elements, one that’s never happened here on our planet before.
The user downloads an app (the app(s) in question are no longer available for download via Google Play, etc., if you’d like to know), and the app works like it is supposed to work. The app was downloaded over 5,000 times according to the report from Trend Micro. This app had a rating of 4.5 stars out of 5! Lots of these reviews should never have been allowed in the first place and it seems like faking review scores is really super easy in 2019 – but that, too, is beside the point right now.
The downloaded app works great – it’d be a good app if it didn’t have any secret aims in mind. Unfortunately the app drops a package in the smartphone, unbeknownst to the user. That package goes by the name ANDROIDOS_ANUBISDROPPER, or just Anubis. It’s a banking malware that steals login credentials to banking apps, payment cards, and e-wallets.
“The malware developer is assuming that the sandbox for scanning malware is an emulator with no motion sensors, and as such will not create that type of data,” said Trend Micro’s Kevin Sun. “If [the malicious app] senses that the user and the device are not moving, then the malicious code will not run.”
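The quote above turns on what the analysis sandbox shows to the app: an emulator that reports no motion, or a fixed resting value, looks like a phone that never moves. The following is an added example, not code from Trend Micro or from the original article, of a check a sandbox operator could run over the accelerometer feed their environment presents; the function names, thresholds and sample traces are assumptions constructed for illustration.

```python
import math

GRAVITY = 9.81  # m/s^2: magnitude reported by a device at rest

def magnitudes(samples):
    """Acceleration magnitude for each (x, y, z) sample."""
    return [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]

def count_steps(samples, threshold=1.5):
    """Crude step estimate: upward crossings of GRAVITY + threshold."""
    steps, above = 0, False
    for m in magnitudes(samples):
        if not above and m > GRAVITY + threshold:
            steps, above = steps + 1, True
        elif above and m < GRAVITY + threshold / 2:  # hysteresis before re-arming
            above = False
    return steps

def audit_feed(samples, rate_hz, min_steps_per_min=30):
    """Classify the sensor feed a sandbox presents to the app under test."""
    if not samples:
        return "no-sensor-data"      # emulator exposes no motion data at all
    mags = magnitudes(samples)
    mean = sum(mags) / len(mags)
    variance = sum((m - mean) ** 2 for m in mags) / len(mags)
    if variance < 1e-4:
        return "static"              # constant readings: device never moves
    minutes = len(samples) / rate_hz / 60
    if count_steps(samples) / minutes < min_steps_per_min:
        return "low-motion"          # noise only, no step-like activity
    return "moving"

# Constructed traces, 10 s at 50 Hz (not captured from a real device).
RATE = 50

def sine_trace(amplitude, freq_hz):
    return [(0.0, 0.0, GRAVITY + amplitude * math.sin(2 * math.pi * freq_hz * i / RATE))
            for i in range(10 * RATE)]

EMULATOR_DEFAULT = [(0.0, 9.81, 0.0)] * (10 * RATE)   # fixed resting vector
EMULATOR_JITTER = sine_trace(0.05, 7)                  # tiny sensor noise only
REPLAYED_WALK = sine_trace(3.0, 2)                     # about two steps per second

if __name__ == "__main__":
    for name, feed in [("none", []), ("default", EMULATOR_DEFAULT),
                       ("jitter", EMULATOR_JITTER), ("walk", REPLAYED_WALK)]:
        print(f"{name:8s} {audit_feed(feed, RATE)}")
```

Any result other than "moving" means the environment matches the assumption described in the quote, so a sample that stays quiet there has not necessarily been shown to be clean.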
How do you avoid downloading something like this? You rely on your favorite tech blog to download and test these apps for you. If you’re worried about getting malware from an app called “BatterySaver1000WowFree”, you’re probably right to worry.