READ: Applications can detect dangerous users and ban them; understand
Shortly before, Cofense, which specializes in protection against phishing, had already revealed Anubis, a type of "supervirus" that also targets Google software and combines features of a banking trojan with ransomware. The threats came to the public shortly after the discovery of 24 malicious applications that reached 382 million people worldwide. See what is known so far about the new dangers.
How to remove viruses on an Android phone
Want to buy cell phones, TV and other discounted products? Meet Compare dnetc
Applications installed 3,000 malware
According to Trend Micro, a group of nine malicious apps has been available on the Android store since 2017 until it was discovered. They accumulated 472,000 downloads imitating games, VPN apps or promising to improve the performance of the phone. When installed, they download a load of malware responsible for mainly applying advertising fraud and false reviews.
Some malware forced login to external services through Google and Facebook. Victim accounts are never hacked, but are possibly used to inflate the volume of users of other applications. Other malicious codes use the smartphone to post fake reviews on the Google Play Store as a means of defrauding the mechanism that measures the popularity of apps in the store.
Tests conducted by Trend Micro show that apps do not exhibit malicious behavior when targeting Chinese citizens, which could suggest origin in the Asian country. According to Google, all have already been removed from the Google Play Store. Just them:
- Shoot CleanJunk Cleaner, Phone Booster, CPU Cooler
- Super Clean Lite Booster, Clean & CPU Cooler
- Super Clean Phone Booster, Junk Cleaner & CPU Cooler
- Quick Games H5 Game Center
- Rocket Cleaner
- Rocket Cleaner Lite
- Speed Clean Phone Booster, Junk Cleaner & App Manager
- H5 gamebox
Anubis: 'supervrus' mixes banking trojan with ransomware
Experts at Cofense Phishing Defense Center have discovered a new campaign that seeks to infect Android phones with a virus called Anubis, originally created to practice spying. Today, the threat also adds banking Trojan horse and ransomware functions.
By infecting a device, it is able to steal data, record calls, take screenshots and manipulate the administration permissions of other apps. After obtaining all the necessary information from the victim, he locks the cell phone with encryption and charges a ransom to release access.
The package distributed through phishing, such as a payment slip attached to an email. When opened, it shows a fake alert window that asks the user to supposedly activate Google Play Protect on the phone. However, action serves to grant permissions to break the smartphone's defenses, among them the Google antivirus's own deactivation.
According to the researchers, the most vulnerable users are those who use their smartphones for work, receive email on their cell phones and have their phone configured to allow the installation of unsigned corporate applications, a common feature of programs that are downloaded manually, outside the Google Play Store.