Malware Makers Set Sights On Motion Sensor

John Lister's picture

An extremely creative form of malware on Android devices uses motion sensors to help stay undetected. It's designed to combat one of the key methods used by malware scanning tools.

Trend Micro says it found the malware hidden in two Google Play Store apps named "BatterySaverMobi" and "Currency Converter," which claimed to provide functions as their names suggest. (Source: arstechnica.com)

Once installed, the apps downloaded malware in the background, then used a fake system update message to trick the user into giving permission to install it. The malware, named "Anubis," then used a combination of keylogging (recording what the user types in) and screenshots to try to capture login details for sensitive accounts and apps such as online banking.

Malware Checked Movement Sensors

While these techniques are sadly all too familiar, Trend Micro said it uncovered a creative method to hide the malware activity from security software. (Source: trendmicro.com)

The researchers noticed the code for the malware included checking for data from the phone's motion sensors. If it detected signs that the phone was not in motion, it paused all activity until the phone was moving again.

It appears the idea was to get round security tools that use sandboxed emulators to examine suspicious files. That means they simulate the phone's activities to see what happens when a file runs, but don't actually allow the file access to the rest of the phone during the simulation.
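One defensive counter to this check is for the analysis sandbox to feed its emulator motion data that resembles a phone being carried, so a sample that waits for movement still runs. The sketch below is an added example, not code from Trend Micro or from the malware; the gait parameters are constructed, and the `sensor set acceleration x:y:z` line format is assumed to match the Android emulator console.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, roughly what a motionless phone reports on one axis


def walking_trace(seconds, rate_hz=50, step_hz=1.8, seed=0):
    """Return (x, y, z) accelerometer samples resembling a phone carried while walking.

    All gait parameters are constructed for illustration, not measured.
    """
    rng = random.Random(seed)  # seeded so a sandbox run is reproducible
    samples = []
    for i in range(int(seconds * rate_hz)):
        t = i / rate_hz
        # Vertical bounce once per step, sideways sway once per stride (two steps).
        bounce = 2.5 * math.sin(2 * math.pi * step_hz * t)
        sway = 0.8 * math.sin(math.pi * step_hz * t)
        x = sway + rng.gauss(0, 0.15)
        y = GRAVITY + bounce + rng.gauss(0, 0.15)
        z = 0.6 * math.cos(2 * math.pi * step_hz * t) + rng.gauss(0, 0.15)
        samples.append((x, y, z))
    return samples


def motion_energy(samples):
    """Standard deviation of acceleration magnitude; close to 0 for a still device."""
    mags = [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]
    mean = sum(mags) / len(mags)
    return math.sqrt(sum((m - mean) ** 2 for m in mags) / len(mags))


def console_commands(samples):
    """Format samples as emulator console lines (assumed syntax, see lead-in)."""
    return ["sensor set acceleration %.3f:%.3f:%.3f" % s for s in samples]


if __name__ == "__main__":
    still = [(0.0, GRAVITY, 0.0)] * 100  # motionless device: gravity only
    moving = walking_trace(seconds=2)
    print("still energy :", round(motion_energy(still), 3))
    print("moving energy:", round(motion_energy(moving), 3))
    print("\n".join(console_commands(moving[:3])))
```

Comparing `motion_energy` for the flat and the generated trace is a quick sanity check that the sandbox no longer looks like a device sitting on a desk.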

Cat and Mouse Game

The malware creators appear to have reasoned that most malware scanners operate while the phone isn't moving (assuming that the user is walking). That could be because the user simply has it in their pocket, because they are holding the phone while actively running a scan, or because the scanner runs at night time to avoid disruption. Instead, the new malware waits until the phone is moving, which makes it less likely a scan is running.

It's a reminder that security will always be a cat and mouse game between malware creators and security tools. In this case, the best defense would have been to avoid installing the rogue apps in the first place.

That's easier said than done, of course, but one good tip is to be wary of apps from unfamiliar developers. Another is to check through reviews carefully: the apps in this case had high ratings but the reviews had some grammatical errors which suggest they were fake or automatically generated.

What's Your Opinion?

Are you surprised malware creators are so creative? How do you vet apps before installing them? Is it safest to avoid getting apps from unknown developers at all?


Comments

pctyson's picture

I am beginning to feel a little safer on my computer. :) (not really)
There are many more people with phones than there are people with computers. It makes sense that the new attack vector would move to phones. This is going to get far worse as time moves on.