Security researchers have discovered new malware in the Play Store that uses a very special trick to evade detection: the dangerous app did not activate until your phone moved.
This is how Android malware used motion sensors
Although Google checks all Android apps before they appear in the Play Store, some malware regularly slips through. Usually the app is quickly removed as soon as Google detects the virus. In this case, the developers of the malware used a very special trick to get past Google, security researchers at Trend Micro report.
This virus is hidden in seemingly innocent apps, but is only activated once your device is in motion. Google and other researchers usually test apps on emulators rather than real Android smartphones. Emulators are never moved, so the virus was never activated during the test.
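An analysis emulator does not have to sit still. The sketch below is an added example, not code from Trend Micro or Google: it builds a constructed walking-like accelerometer trace and replays it through the Android emulator console (`adb emu sensor set acceleration`), so that motion-gated code paths get exercised during testing. The trace shape, sample rate and step threshold are assumptions.

```python
import math, shutil, subprocess, time

GRAVITY = 9.81  # m/s^2, felt on the y axis when the phone is held upright

def walking_trace(seconds=10.0, rate_hz=10, step_hz=2.0, amplitude=1.5):
    """Constructed (x, y, z) samples resembling a phone carried while walking."""
    samples = []
    for i in range(int(seconds * rate_hz)):
        phase = 2 * math.pi * step_hz * (i / rate_hz)
        x = 0.4 * amplitude * math.sin(phase / 2)  # slow side-to-side sway
        y = GRAVITY + amplitude * math.sin(phase)  # vertical bounce per step
        z = 0.6 * amplitude * math.cos(phase)      # forward/backward jolt
        samples.append((round(x, 3), round(y, 3), round(z, 3)))
    return samples

def console_commands(samples):
    """Emulator console commands that set the accelerometer to each sample."""
    return [f"sensor set acceleration {x}:{y}:{z}" for x, y, z in samples]

def count_steps(samples, threshold=GRAVITY + 0.5):
    """Sanity check: rising threshold crossings on y, as a naive step counter
    would see them. The threshold is an assumption, not the malware's logic."""
    steps, above = 0, False
    for _, y, _ in samples:
        if y > threshold and not above:
            steps += 1
        above = y > threshold
    return steps

def replay(samples, rate_hz=10, serial=None):
    """Send the trace to a running emulator; returns False if adb is missing."""
    adb = shutil.which("adb")
    if adb is None:
        return False
    base = [adb] + (["-s", serial] if serial else []) + ["emu"]
    for cmd in console_commands(samples):
        subprocess.run(base + cmd.split(), check=True)
        time.sleep(1 / rate_hz)
    return True

if __name__ == "__main__":
    trace = walking_trace()
    print(count_steps(trace), "simulated steps in", len(trace), "samples")
    if not replay(trace):
        print("adb not found; commands that would be sent:")
        print("\n".join(console_commands(trace)[:5]))
```

Run it while the app under test is installed in the emulator and compare network and UI behaviour with and without the replayed trace.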
Fake update notification
After the virus was activated, users were shown a fake update notification. It looked identical to official update notifications and promised new features for their Android smartphone. When the user pressed 'Install update', the malware was downloaded and activated covertly.
The malware specifically targeted banking apps. Anubis, as the malware was called, tried to collect login data from bank apps and forward it to hackers. In addition, the malware had access to the contacts, camera, microphone and storage space of the affected users. The virus granted itself the permissions to send text messages and call numbers in the background.
5000 users affected
This specific malware was discovered in two apps: BatterySaverMobi and Currency Converter. Together, the two apps had no more than 5000 downloads, and Google has since removed them from the Play Store. It is unknown whether they have also been downloaded by Dutch users.
Google claims that it does everything to keep the Play Store safe, with initiatives such as Play Protect. Yet dangerous apps regularly appear.