Android WARNING: Google Play Store apps loaded with SNEAKY strain of malware

Android users are being warned about a sneaky strain of malware found on Google Play Store apps.

Android is one of the most used pieces of software in the world, with billions of people using the Google mobile OS each and every month.

The Android user base has been subject to some high profile security alerts, most notably the Judy malware campaign which infected millions of devices.

And now Android fans are once again being put on alert, this time about a strain of malware being spread via the Google Play Store.

Security experts at Trend Micro discovered the malware strain which has a devious way of avoiding detection.

The Anubis malware was loaded onto two Google Play Store apps that were downloaded thousands of times.

These apps were labelled as helpful tools on the Google Play Store, with the programmes named Currency Converter and BatterySaverMobi.

The malware on the apps were capable of stealing sensitive banking credentials from victims.

And the Android malware evaded detection via devious means.

The payload on the apps would only kick into action if it detected that an Android user was moving around.

Once motion was detected, the malware payload would kick in.

In a post online, Trend Micro’s Kevin Sun explained: “These apps don’t just use traditional evasion techniques; they also try to use the user and device’s motions to hide their activities.

“As a user moves, their device usually generates some amount of motion sensor data.

“The malware developer is assuming that the sandbox for scanning malware is an emulator with no motion sensors, and as such will not create that type of data.

“If that is the case, the developer can determine if the app is running in a sandbox environment by simply checking for sensor data.

“The malicious app monitors the user’s steps through the device motion sensor.

“If it senses that the user and the device are not moving (if it lacks sensor data and thus, might be running in a sandbox environment), then the malicious code will not run.

“If the malicious code runs, then the app will try to trick the users into downloading and installing its payload APK with a fake system update.”

One of the offending apps had a 4.5 rating on the Google Play Store from 73 reviewers.

However, Trend Micro said there are signs that these reviews were published via fake accounts.

Google has since removed the offending apps from the Play Store.

Describing how Android users can stay safe from such threats, Trend Micro researcher Sun said: “Gaps in mobile security can lead to severe consequences for many users because devices are used to hold so much information and connect to many different accounts.

“Users should be wary of any app that asks for banking credentials in particular and be sure that they are legitimately linked to their bank.”

• Stay tuned to Express.co.uk for all the latest Android news

source: express.co.uk