Schneier - Clever Smartphone Malware Concealment Technique

This is clever:

Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.

The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers­ -- and possibly Google employees screening apps submitted to Play­ -- are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.




from Schneier on Security https://www.schneier.com/blog/archives/2019/01/clever_smartpho.html

Comments

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Krebs - NY Charges First American Financial for Massive Data Leak

US-CERT - SB18-169: Vulnerability Summary for the Week of June 11, 2018