The first consisted of nine apps downloaded more than 470,000 times from Google Play. The apps masqueraded as tools for optimizing device performance, with names such as Speed Clean and Super Clean. Behind the scenes, they connected to servers from which 3,000 different malware variants could be downloaded onto compromised devices. After launch, the apps could sign in to Facebook and Google accounts to carry out ad fraud. A second, unrelated campaign used clever phishing emails to make users install one of the nastiest pieces of malware for the Android OS.
Thursday’s second campaign uses a clever ploy to infect Android devices with Anubis, arguably one of the nastiest and most ingenious pieces of malware for the mobile OS. Anubis is a malware component recognized for its naivety by Google. In mid-2018, IBM X-Force researchers documented a wide range of Google Play apps that installed banking and financial-fraud malware. Just a few years later, researchers found upgrades to Anubis that used devices' motion sensors to detect when it was installed on researchers' emulators rather than on real hardware.
The campaign disclosed on Thursday uses emails that present an attachment as a billing invoice. The attachment is actually an APK file, the most common format for installing Android applications. Devices that permit apps to be installed from sources other than Google Play then show a fake Google Play Protect message requesting seemingly harmless permissions.
When users click OK, Play Protect is deactivated and 19 permissions are granted, many of them very sensitive. Researchers at Cofense, the security company that documented the campaign, suspect that the ruse works by having the fake message overlay the authentic Android dialog.
Taken together, Thursday’s disclosures reinforce the age-old advice for keeping Android devices malware-free. The first piece concerns Play users. Users should be wary of apps that have very few users, come from unknown developers, or have user reviews that describe questionable behavior. Apps that provide minimal benefit or are not regularly used should always be uninstalled.
As problematic as Google Play can be, it is almost always even riskier to obtain apps from third-party sources (unless they are from Amazon or a developer known to the user or employer). Never install apps sent in emails under any circumstances.