EXCLUSIVE: Strong attack by hackers on the Greek Register of .gr!

EXCLUSIVE: Strong attack by hackers on the Greek Register of .gr!

After updating the SecNews reader, Fotis Mavrakis, from the friendly website www.RetroComputers.gr, the Registry of Domain Names with ...
Read More

EthiHak 2019: The final ten!

For another year, the big fight ended, the screens went out and EthiHak's two-day weekend would leave ...
Read More
infosec rapidshare

KEVIN MITNICK - EXCLUSIVE: The official interview of the famous hacker!

Are you ready for the first, official interview of Kevin Mitnick, the most famous hacker of our time, in Greece, exclusively at SecNews TV? Undoubtedly, ...
Read More

Iranian hackers engage in espionage campaigns in the West

In the last two years, Iranian hackers are particularly active. They have made many attacks on many companies throughout the ...
Read More

Cyber-security Verint is a victim of ransomware

A victim of ransomware dropped the offices of the American security company Verint cyber security in Israel. A screenshot released yesterday online ...
Read More
Latest Posts

Google Play: Malware was hidden using motion sensors

In the Google market Play there are many malicious apps that try tricks to prevent them from being traced. Instead, they use the motion sensor input to a contaminated device before installing a powerful bank trojan to make sure it does not load into emulators that researchers use to detect the attacks.


The rationale behind all this is that sensors are real end-user devices that will record the movement while they are being used. Instead, emulators used by security researchers and probably by Google employees do not use sensors. Recently, two apps with Anubis malware malware on infected devices were discovered from Google Play, which would only trigger the payload every time the traffic was detected. Otherwise, the trojan would dominate.

Also, a company that focuses on security issues, found that a dropper is used to drive traffic into two applications. The first was BatterySaverMobi that had 5.000 downloads and the second was Currency Converter that had an unknown number of downloads. Of course, once it was learned from Google that it existed malware, were immediately removed.

These malicious apps not only use motion detection to hide them but also other ways.

For example, one of the applications that installed Anubis on one device, its dropper used requests and answers via Twitter and Telegram to place the command and check the server. He then enrolled with the C & C server and checked for commands with an HTTP POST request. If the server responded to the application with an APK command and the URL was stuck, Anubis payload would move to the background. The dropper would then try to cheat users to install the app using the False System Upgrade as shown below.

Once Anubis was installed, it used a built-in keylogger that could steal the credentials of the user's account. Also, malware could gain access to credentials by taking screenshots of the infected user.

More specifically, the data showed that the latest version of Anubis had been shared in 93 different countries and targeted users who used financial applications to allow the attackers to exploit the financial information to their advantage. If Anubis succeeds, then the hacker accesses the contact lists as well as the site. It can also access and record sound, send messages, and make calls.

Taking all this into account, we conclude that unfortunately the attackers improve the quality of the malicious Android applications more and more. Second, Android users need to think more carefully before downloading apps from Google Play and be aware of the malicious activities that are being observed. What we recommend for Android users is to always be careful and prefer applications from recognized developers.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *