Saturday 2 February 2019, Poradnik bezpieczeństwa
Malicious apps acting as droppers found in the Google Play Store
Lost24
In the Google Play Store you can more often come across malicious applications acting as droppers, that is, inconspicuous-looking applications that aim to obtain the necessary permissions to download a trojan horse.
Niebezpiecznik portal provided two recent examples of such applications as BatterySaverMobi, which had over 5,000 downloads, as well as Currency Converter. Both applications have utilized motion sensors to prevent malicious code from running when the device was stationary.
As soon as the device was put in motion the application displayed an “update” notification. According to Niebezpiecznik, at this point both applications have downloaded the trojan horse by connecting to C&C servers in the domain linked to Anubis, whose malicious activity in the Orange Poland mobile network has reached 41%. Anubis collected records of on-screen touch input as well as screenshots and based on this data cybercriminals were able to collect necessary credentials.
Niebezpiecznik also warns that in addition to droppers attackers can also impersonate known applications used for banking services etc. Therefore it is worth to have an up-to-date antivirus software installed on your device, although it will not give you 100% of security.
There are no comments