Trust Trend Micro when it publishes a special report. We have shared with you a number of related reports like that HiddenMiner Android malware from last year, the DressCode malware, and just recently, the fact that some Game, TV, Remote Control apps are actually adware in disguise. This week, the cybersecurity and defense firm said there are two apps on the Google Play Store that are malicious. If you have the apps BatterySaverMobi and Currency Converter, we recommend you delete them.
According to Trend Micro, these apps are malicious as they disguise themselves as useful tools. You won’t think they are malware but they are dangerous. They’re no longer listed on the Google app store but some 5,000 Android users were able to download them before.
Not many people knew what they really were. The battery app even received an average of 4.5 stars from 73 reviewers but they seem to fake.
Trend Micro reports that both apps would send a malicious payload to the malware Anubis. It’s a banking malware discovered by the software security company before. The devs notice these apps and Anubis have similar code. The apps are also connected to aserogeege.space and several malicious domains map. All pieces of evidence point to Anubis.
The two apps have avoided detection. Their developers were really good because they created them to take advantage of motion to hide their activities. What happens is that the malware can make a sandbox appear as an emulator with no motion sensors.
Malicious code may run, resulting to a payload APK being downloaded and installed. The APK contains a with a fake system update.
All the anomalies are hidden, no thanks to the motion sensors. In summary, the Trend Micro researcher explains the malware: The Anubis malware masquerades as a benign app, prompts the user to grant it accessibility rights, and also tries to steal account information.
There is the danger of Anubis running and any attacker can have access to a phone including all contacts, location, and even use different features like make calls, record audio, send text, etc.
SOURCE: Trend Micro
