Shortly before, Cofense, a company specializing in protection against phishing, had already revealed Anubis, a kind of "supervirus" that also targets Google's software and combines features of a banking trojan with ransomware. The threats became public shortly after the discovery of 24 malicious applications that reached 382 million people worldwide. Here is what is known so far about the new dangers.
Applications installed 3,000 pieces of malware
According to Trend Micro, a group of nine malicious apps had been available on the Android store since 2017 until they were discovered. They accumulated 472,000 downloads by imitating games and VPN apps or by promising to improve the phone's performance. Once installed, they download a malware payload used mainly for ad fraud and fake reviews.
Some of the malware forced logins to external services through Google and Facebook. The victims' accounts are never hacked, but are possibly used to inflate the user counts of other applications. Other malicious code uses the smartphone to post fake reviews on the Google Play Store as a way of defrauding the mechanism that measures the popularity of apps in the store.
Tests conducted by Trend Micro show that the apps do not exhibit malicious behavior when targeting Chinese citizens, which could suggest an origin in that country. According to Google, all have already been removed from the Google Play Store. They are:
- Shoot Clean – Junk Cleaner, Phone Booster, CPU Cooler
- Super Clean Lite – Booster, Clean & CPU Cooler
- Super Clean – Phone Booster, Junk Cleaner & CPU Cooler
- Quick Games – H5 Game Center
- Rocket Cleaner
- Rocket Cleaner Lite
- Speed Clean – Phone Booster, Junk Cleaner & App Manager
- H5 gamebox
Anubis: ‘supervirus’ mixes banking trojan with ransomware
Experts at the Cofense Phishing Defense Center have discovered a new campaign that seeks to infect Android phones with a virus called Anubis, originally created for espionage. Today, the threat also includes banking trojan and ransomware functions.
Once it infects a device, it can steal data, record calls, take screenshots and manipulate the administration permissions of other apps. After obtaining all the information it needs from the victim, it locks the phone with encryption and demands a ransom to restore access.
The package is distributed via phishing, as a payment slip attached to an email. When opened, it shows a fake alert window asking the user to supposedly activate Google Play Protect on the phone. In fact, the action grants permissions that breach the smartphone's defenses, including disabling Google's antivirus itself.
According to the researchers, the most vulnerable users are those who use their smartphones for work, receive email on their phones and have their phones configured to allow the installation of unsigned corporate applications, a common trait of programs that are downloaded manually, outside the Google Play Store.