Android Google Security

Google Play Malware Used Phones' Motion Sensors To Conceal Itself (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers -- and possibly Google employees screening apps submitted to Play -- are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Security firm Trend Micro found the motion-activated dropper in two apps -- BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious. The motion detection wasn't the only clever feature of the malicious apps. Once one of the apps installed Anubis on a device, the dropper used requests and responses over Twitter and Telegram to locate the required command and control server. Once Anubis was installed, it used a built-in keylogger that can steal users' account credentials. The malware can also obtain credentials by taking screenshots of the infected users' screen.

  • Once the app is removed from the Google store, does Google actually do anything to remove it from users' phones too?...
  • by GameboyRMH ( 1153867 ) <gameboyrmh.gmail@com> on Friday January 18, 2019 @08:21AM (#57981262) Journal

    I think it's time to officially declare walled garden computing a failure from a security standpoint. Malware has had little trouble getting inside, and then the fact that it's inside the supposedly safe garden lulls users into a false sense of security. The only thing the walled garden has succeeded in doing is enriching the gatekeepers and disempowering the users.

    • by Actually, I do RTFA ( 1058596 ) on Friday January 18, 2019 @08:38AM (#57981296)

      Android isn't a walled garden - as an OS it's open (albeit needing to have each source whitelisted). Google as a curator of applications is a failure (and there is no reason to expect Amazon or others are better). However, the OS is pretty open.

      Apple seems to have their walled garden in order, and their OS is more locked down.

      Of course, the "walled garden" on phones before, without allowing random third party devs, worked fine on the older phones. I mean, you don't have many apps, but it was safe.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday January 18, 2019 @08:38AM (#57981298)
      Comment removed based on user account deletion
      • by tepples ( 727027 )

        At the end of a day, you're just not paying for a device, but a service.

        Let's run with this analogy. Say I want portable video gaming with physical buttons, which fit some game genres better than the flat sheet of glass that is the input device included with an iPhone or Android phone. But I don't want a Nintendo 3DS or Nintendo Switch because I don't want the service of Nintendo imposing limits on what scenarios may and may not appear in a game. Which handheld device isn't made to impose this unwanted service?

        • Comment removed based on user account deletion
          • by tepples ( 727027 )

            Let me rephrase how I understood your post: "Any company disagreeing with Nintendo's monopoly on handheld gaming with buttons ought to be building and selling its own hardware." Do I understand you correctly?

        • by BaronM ( 122102 )

          If you insist, you can get something like this:

          https://pyra-handheld.com/boards/pages/pyra/

          All the buttons you could ever want, and no walled garden at all.

      • Don't like walled gardens, then don't support a company that enforces them. It's that simple.

        This is quite an ignorant statement. It pretends to not be aware that we don't live in a world where users have an actual choice. The walled gardens Google and Apple have created are for their own benefit, not due to user demands. We already have tools for dealing with malware by using firewalls and sandbox environments on "normal" operating systems. The lip service Apple and Google pay to guarding against malware in their gardens is just because they've denied us the ability to protect ourselves. They

      • Comment removed based on user account deletion
    • by MobyDisk ( 75490 )

      What does Google do once they find this? The walled garden requires, in theory, that you know who the author is. Does Google try to prosecute the hackers? Of all the companies on Earth who should be able to track someone down, Google and Facebook seem like they could do it.

    • While you're certainly espousing a popular sentiment, the facts don't bear out anything you've said.

      Take a look at the mobile [statista.com] malware [computerworld.com] reports [forbes.com] from the last few years and if you parse through the details you'll see two consistent trends:

      1) Android accounts for the vast majority of malware—about 98% in 2013, rising to within a rounding error of 100% at this point—but that...
      2) Nearly all Android malware is coming from sources outside the Google Play Store, mostly via stores in the Middle East and

      • I don't see how the existence of a huge amount of malware outside of the walled garden suggests that the inside is safe because it has less, when that number is still enormous, and the primary security purpose is to be free of malware. That's like saying that a submarine that's half full of water has a good functioning hull because it has a much lower percentage of water than the outside ocean. It's like saying that a zoo with five lions running loose in the guest areas has good containment because there ar

        • I don't see how the existence of a huge amount of malware outside of the walled garden suggests that the inside is safe because it has less

          I see you enjoy moving goalposts. After all, your original assertion (see: subject line) was that "the garden wall provides no safety"—none—which is a patently false claim, but now you're trying to argue that they don't provide enough safety, which is a subjective claim for which you provide no evidence, other than an unspecified but "enormous" amount of malware that is apparently still getting in, despite the links I just provided that seem to contradict that notion.

          That's like saying that a submarine that's half full of water has a good functioning hull because it has a much lower percentage of water than the outside ocean.

          Not even close. While there

          • Well yes if you want to nitpick, I wasn't literally correct to say "no safety" if you compare the safety of a person installing any random app from inside vs. outside the app store, although that's not something a person will normally do. Similarly in my analogies, of course you'd be in more danger inside the lion cage or strapped to the outside of the submarine. If you assume a person would be stupid enough to go there, which they generally aren't.

            Title nitpicking aside, you'd have a good argument if you h

            • Title nitpicking aside, you'd have a good argument if you had the scale of the malware problem in app stores correct. Which you didn't...you were at least a couple of orders of magnitude low:

              I'm not seeing it. Quite the opposite, actually, since your links mention 7, 145, and "more than 50" instances of malware apps making it into the stores, all of which fall in line with my statement that out of the hundreds of thousands of apps that are submitted for review each year, there are "only a few hundred [instances of malware] most years". If anything, your links would suggest that I might have overstated that aspect of the malware problem by an order of magnitude.

              That said, it seems like you may b

    • by sootman ( 158191 )

      Never say never. Walled gardens provide SOME security. No system is perfect. This is as useless as saying "Locks provide no safety. Break-ins still happen." or "Seat belts provide no safety. People still die in car crashes."

      "I think it's time to officially declare walled garden computing a failure from a security standpoint."

      Well then, by your logic, I guess we can declare EVERYTHING EVER MADE a failure from a security standpoint because exploits still happen, right?

      Follow-up question: are walled gardens more secure, about the same as, or less secure than totally open systems?

  • and other stuff like that.

    And with randomize I mean to filter it to something that looks like it is being used for real, not just completely random crap.

  • by MobyDisk ( 75490 ) on Friday January 18, 2019 @09:01AM (#57981350) Homepage

    The reviews for the app reveal several levels of stupidity:
    Reviewer 1: "Just started using still unknown"
    Reviewer 2: "you are asking me and I just now installed the app"
    ^^^ Facepalm 1: Then why did you post the review??
    ^^^ Facepalm 2: Why does Android prompt people to review apps just after they installed them?

    Reviewer 3: "Thanksgiving"
    Reviewer 4: "Totally awesome"
    ^^ WTH?

    • by Anonymous Coward

      Reviewer 1: "Just started using still unknown"
      Reviewer 2: "you are asking me and I just now installed the app"
      ^^^ Facepalm 1: Then why did you post the review??
      ^^^ Facepalm 2: Why does Android prompt people to review apps just after they installed them?

      My bet, your Facepalm #2 where apps immediately prompt you for a review.

      At this point, I've given up on apps. Most of them are written by assholes and offer little value, or as we see constantly, outright malicious.

      To me, grabbing a random app with a relativ

    • >>> Why does Android prompt people to review apps just after they installed them?

      Because people buy apps for the attention, not the app.

  • Does Google or Apple make any effort to contact the infected users when they find malicious apps? Seems like it would be the right thing to do.

  • by thomn8r ( 635504 ) on Friday January 18, 2019 @09:59AM (#57981506)
    The VW emissions trick worked in a similar fashion: it detected the lack of certain control inputs to figure out if it was being tested.
