Anubis Malware Campaign: Mobile Malware Sneaks into Google Play Store via Fake Apps

The malware masquerades as an app called Google Protect

A malicious group of hackers has delivered Anubis malware to devices by sneaking malicious apps into the Google Play Store. The malicious apps were uncovered in June and are designed to steal login credentials for banking apps, wallets and payment cards.

What is the malware? How does the app bypass Google Play Protect security?
The payload is hidden behind applications that claim to offer services like online shopping and livestock market monitoring. Once the app is downloaded, the payload is delivered via a command and control server and, more concerning, it is not detected by antivirus software.

To ensure that the app is not detected by the Google Play Store, the developers of the malware are constantly altering its capabilities.

Once the app is installed on a device, the malware masquerades as an app called "Google Protect", which asks for accessibility rights like. This is done so that users, seeing the name Google on the display, might trust the malware.

Once the user grants the permission, the malware performs keylogging to steal the infected user's credentials when they use a banking app or payment site. Anubis can also take screenshots of the user's display.

According to the reports, at least 10,000 people downloaded the malicious downloaders, although it's unknown how many of those have subsequently been infected with the malware.
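The masquerade described above (a "Google Protect" label on an app holding accessibility rights) can be checked for on a device. The following is an added example, not code from the original article or from any vendor: a heuristic audit of the enabled accessibility services list. The trusted-prefix list, package names and labels are assumptions constructed for illustration, and a package prefix alone is a weak signal, not proof of origin.

```python
# Assumption: namespaces treated as plausible owners of a "Google" label.
TRUSTED_PREFIXES = ("com.google.", "com.android.")

def parse_enabled_services(setting_value):
    """Split the colon-separated 'package/ServiceClass' list into tuples."""
    services = []
    for entry in setting_value.strip().split(":"):
        entry = entry.strip()
        if entry in ("", "null") or "/" not in entry:
            continue  # empty setting or malformed component name
        package, service = entry.split("/", 1)
        if service.startswith("."):  # short form: class relative to package
            service = package + service
        services.append((package, service))
    return services

def audit(setting_value, labels):
    """Flag non-vendor apps holding accessibility access.

    labels maps package name -> display label shown to the user.
    """
    findings = []
    for package, service in parse_enabled_services(setting_value):
        if package.startswith(TRUSTED_PREFIXES):
            continue
        label = labels.get(package, "")
        # A Google-branded label on a foreign package is the masquerade case.
        severity = "high" if "google" in label.lower() else "review"
        findings.append({"package": package, "label": label,
                         "service": service, "severity": severity})
    return findings

# Constructed sample, shaped like the output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.shopdeals/.ProtectService:"
    "com.example.passwordmgr/com.example.passwordmgr.A11yService"
)
SAMPLE_LABELS = {  # constructed; on a device these come from the app list
    "com.google.android.marvin.talkback": "TalkBack",
    "com.example.shopdeals": "Google Protect",
    "com.example.passwordmgr": "Example Password Manager",
}

if __name__ == "__main__":
    for f in audit(SAMPLE_SETTING, SAMPLE_LABELS):
        print(f["severity"], f["package"], repr(f["label"]), f["service"])
```

Entries marked "review" are not necessarily malicious; they are third-party apps that can observe screen content and input, so each one deserves a deliberate decision.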

How can consumers stay safe?
A few tips consumers should follow:

* Don’t download apps from unknown sources; they can be infected with data-stealing malware hidden behind a genuine-looking app. Stay away from pirated apps too.

* Always check which permissions the app requires before installation. Be cautious with permissions that don't seem legitimate: for instance, if a calculator app wants to access your call logs or messages, the app is asking for unnecessary permissions and can be malicious. Trust your gut!

* Never click on unknown links, even if they seem to come from a known person. You can test the authenticity of a link by hovering your mouse over it. This will display the real address to which the link redirects. If it is not the link you generally visit, do not click it.

* Only install apps from the official app stores and never from third-party websites. Even when downloading from the app store, look at the reviews and the number of downloads to judge the app.

Ankush Johar, director at Infosec Ventures, said: "This is not the first time a malicious app has slipped past Google Play Store’s internal scanner. Most malicious applications ask for permissions that are used to take control of the victim's device and steal all the data. Users should be vigilant while clicking on any link and always check what kinds of permissions are required by the app before downloading it.

"Your security is in your own hands. If an app asks for more permission than what is required then one must avoid downloading the app or disable unwanted permissions from the app settings.

"Just because it's on the official app store, it does not imply that it cannot be malicious. Even with all the security measures put in by Google, hundreds of apps with a mal intent make their way to the app store so THINK BEFORE YOU CLICK!"
