Password-stealing malware sneaks in Google Play store in bogus apps

A cybercrime group has sneaked apps onto the official Google Play Store which then serve up Trojan banking malware to Android users, security researchers have revealed.
Uncovered in June, the campaign delivered Anubis malware designed to steal login credentials for banking apps, e-wallets and payment cards. The payload was hidden in applications which claimed to offer services ranging from online shopping to live stock-market monitoring.
The Android malware campaign has been unearthed and detailed by researchers at IBM X-Force, who suggest the effort put into making the applications look legitimate indicates "a large investment of resources on the part of the campaign's operator".
The malware seemingly takes its name from Anubis, the Ancient Egyptian God of the dead.
As with other forms of Android malware uncovered in the Google Play app store, the malicious intent of Anubis is hidden away, with the payload only being delivered after the application is installed and in contact with a command-and-control server. Such is the stealthy nature of the malicious downloader that researchers say it isn't detected by antivirus software.
The malware's developers regularly alter its capabilities and make slight changes to the code to ensure that it isn't detected by Google Play's security controls. The regular updates are another sign which points to the malware being the work of a well-resourced criminal group.
Once BankBot Anubis has been delivered to the device, the malware masquerades as an app called "Google Protect" which asks for accessibility rights. The malware authors are ultimately hoping that users will see the name Google on the display and inherently trust that the request is legitimate.
However, this is not the case and by granting accessibility rights, the malware is given permission to perform keylogging for the purposes of stealing infected users' credentials when they use a banking app or payment site. Anubis can also take screenshots of the user's display.
The campaign examined appears to specifically target Turkish users, but the configurations within Anubis show that it can be used to steal from users in countries around the world, including the US, UK, Australia, Israel, Japan and many more.
"Our research team suspects a cybercrime group operating in Turkey is behind this particular BankBot Anubis campaign. The downloaders themselves can also potentially be a cybercrime service offering distribution via Google Play," Limor Kessem, executive security advisor at IBM Security, told ZDNet.
It's thought that at least 10,000 people downloaded the malicious downloaders - although it's unknown how many of those have subsequently been infected with the malware.
IBM X-Force states that the malicious apps have been reported to Google for removal. ZDNet contacted Google, but hadn't received a reply at the time of writing.
Smartphones remain a popular target for cyber criminals because of the sheer amount of data they hold. In order to avoid falling victim to malware, users should only download trusted applications and should be mindful of what permissions the apps are requesting.
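
Because the campaign depends on the user granting accessibility rights, one practical check is to review which accessibility services are enabled on a device. The following is an added example, not code from the article or from IBM X-Force: it parses the colon-separated value of Android's `enabled_accessibility_services` secure setting and flags services outside an allowlist. The allowlist, the sample value and the `com.example.*` package names are assumptions constructed for illustration.

```python
# Added example: audit enabled Android accessibility services.
# Input: the colon-separated "package/class" value of the secure setting
# enabled_accessibility_services, e.g. captured with
#   adb shell settings get secure enabled_accessibility_services

# Assumption: an allowlist your organisation maintains (TalkBack shown as a sample).
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample value; the second and third entries are made-up packages.
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.shopdeals/.GoogleProtectService:"
    "com.example.reader/com.example.reader.ReadAloudService"
)


def parse_services(raw):
    """Return (package, full_class_name) pairs from the setting value."""
    services = []
    for entry in raw.strip().split(":"):
        if not entry or entry == "null":  # "null" is printed when the key is unset
            continue
        package, _, cls = entry.partition("/")
        if cls.startswith("."):  # leading dot = class name relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def audit(raw, trusted=TRUSTED_PACKAGES):
    """Flag every enabled service whose package is not on the allowlist."""
    findings = []
    for package, cls in parse_services(raw):
        if package in trusted:
            continue
        reasons = ["package not on allowlist"]
        # Heuristic only: a trusted brand name in the component, but the package
        # sits outside that vendor's namespace. Package names can be chosen
        # freely, so this raises priority; it never clears a service.
        if "google" in cls.lower() and not package.startswith("com.google."):
            reasons.append("'google' in name outside com.google.* namespace")
        findings.append({"package": package, "service": cls, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["service"], "->", "; ".join(f["reasons"]))
```

The setting value does not include the label shown to the user, so a service displayed under a trusted name still has to be matched to its package before it is cleared.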
