Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
by Kevin Sun

We recently found two malicious apps on Google Play that drop wide-reaching banking malware. The two apps were disguised as useful tools, simply named Currency Converter and BatterySaverMobi. Google has confirmed that both these apps are no longer on the Play Store. The battery app logged more than 5,000 downloads before it was taken down, and boasted a score of 4.5 stars from 73 reviewers. However, a close look at the posted reviews shows signs that they may not have been valid; some anonymous usernames were spotted, and a few review statements are illogical and lack detail.

We looked into this campaign and found that the apps dropped a malicious payload that we can safely link to the known banking malware Anubis (detected by Trend Micro as ANDROIDOS_ANUBISDROPPER). Upon analysis of the payload, we noted that the code is strikingly similar to known Anubis samples. We also saw that it connects to a command and control (C&C) server with the domain aserogeege.space,