A well-known piece of malware is using an unusual tactic to stay hidden from malware detection systems and keep spreading across Android devices. The malware, known as Anubis, lurked in the Play Store inside seemingly innocent apps such as battery charge managers and currency converters. Google says it has already removed the apps in which the malware was hidden, but by then they had been downloaded to five thousand devices.
To avoid discovery, the malware stays on stand-by after it is downloaded until it detects activity in the device's motion sensors. The criminals who developed the program adopted this strategy to evade malware detectors, which often run apps in a simulated Android smartphone environment so that malicious applications reveal their behavior in a safe setting where no real device can be infected. Knowing this, the creators of this new way of using Anubis programmed it to trigger only when there is some kind of activity in the motion sensors, as this would confirm that it was installed on a real smartphone and not running in a simulation.
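The motion check cuts both ways: an analysis sandbox whose accelerometer never changes is exactly what the dormant app is waiting out. The sketch below is an added example, not code from the analysts or from Anubis. It builds a reproducible "phone held in a hand" accelerometer trace, checks that it would not look motionless, and formats it for replay into a sandbox. It assumes the sandbox runs on the stock Android emulator, whose console accepts `sensor set acceleration x:y:z`; the function names and parameter values are hypothetical.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, magnitude a resting accelerometer reports


def handheld_trace(samples=20, seed=1, tremor=0.15, tilt_deg=25.0):
    """Return (x, y, z) accelerometer readings for a phone held in a hand.

    Gravity is split between the y and z axes by a slowly drifting tilt
    angle, and small random tremor is added on every axis, so consecutive
    readings differ the way they do on a physical device.
    """
    rng = random.Random(seed)  # seeded so sandbox runs are reproducible
    trace = []
    for i in range(samples):
        # Tilt drifts around tilt_deg, as when a user shifts their grip.
        tilt = math.radians(tilt_deg + 10.0 * math.sin(i / 5.0))
        x = rng.gauss(0.0, tremor)
        y = GRAVITY * math.sin(tilt) + rng.gauss(0.0, tremor)
        z = GRAVITY * math.cos(tilt) + rng.gauss(0.0, tremor)
        trace.append((round(x, 3), round(y, 3), round(z, 3)))
    return trace


def is_static(trace, epsilon=0.01):
    """True when every reading matches the first within epsilon on all axes,
    i.e. the trace looks like a simulation with no motion activity."""
    first = trace[0]
    return all(abs(a - b) <= epsilon for r in trace for a, b in zip(r, first))


def emulator_commands(trace):
    """Format readings as Android emulator console commands (assumed target)."""
    return [f"sensor set acceleration {x}:{y}:{z}" for x, y, z in trace]


if __name__ == "__main__":
    idle = [(0.0, 9.81, 0.0)] * 20  # constructed: a motionless emulator
    moving = handheld_trace()
    print("idle trace static:  ", is_static(idle))
    print("moving trace static:", is_static(moving))
    for cmd in emulator_commands(moving)[:3]:
        print(cmd)
```

Each generated line can be sent to a running emulator with `adb emu <command>` while the sample is under observation.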
Once the malicious app is “awake”, the user automatically receives a notification, usually disguised as a Twitter or Telegram notification, and clicking on it makes the device start downloading a supposed Android update file. When the user confirms the update, the device grants permission to install Anubis.
Having Anubis installed on a smartphone is not something any user wants. Anubis is a keylogger-type malware that records every action you take on the screen, capturing any kind of password and even the messages you type. In addition, it takes screenshots at all times and sends them to a server belonging to the criminals who created it, giving them a huge database of information and passwords from all the devices it has infected.
According to analysts, Anubis’ main objective is to collect credit card numbers and bank passwords from the devices where it is installed, and the virus has spread to 93 countries around the world, building a complete database for future scams.