Android Users Targeted in Two Newly Discovered Malware Campaigns

• The first campaign spreads malware through nine different fake utility apps.
• The second campaign spreads Anubis banking trojan via phishing emails.

Security researchers have reported two new malware campaigns that primarily rely on malicious apps. The purpose of these campaigns is to target Android users and manipulate their data by infecting their devices with malware.

What is the first campaign about?

The first campaign, identified by Trend Micro, involves nine apps that claim to be utilities. However, in a real sense, they connect to attacker-controlled servers to download malware onto compromised devices. The campaign has been active since 2017 and targets Android users in Japan, the US, Taiwan, India, and Thailand.

The apps participating in this campaign include:

• Speed Clean-Phone Booster
• Shoot Clean
• Super Clean Lite- Booster
• Super Clean-Phone Booster
• Quick Games-H5 Game Center
• LinkWorldVPN
• H5 gamebox
• Rocket Cleaner
• Rocket Cleaner Lite

The apps can even log in to users’ Google and Facebook accounts to perform ad fraud. These apps can also be used to post fake reviews through compromised devices. According to researchers, these malicious apps have been downloaded more than 470,000 times from the Google Play Store.

The second campaign spreads Anubis

A second campaign, disclosed by the researchers from Cofense, uses phishing email to install the Anubis banking trojan. After compromising a device, Anubis starts to create a list of installed apps and then compares them against a list of 263 targeted apps.

Once an app is identified, it overlays with a fake login page to steal the user’s account details. Capabilities of the latest version of the trojan include:

• Disabling Play Protect
• Recording audio
• Making phone calls
• Capturing screenshots
• Modifying admin settings
• Opening any URL
• Reading contact list
• Controlling the device via VNC
• Receiving/sending/deleting SMS
• Locking the device
• Searching and encrypting files
• Retrieving GPS location
• Pushing overlays

Conclusion

Researchers explain that there is an increased use of Android phones in business environments. Therefore, it is important to defend against these threats by ensuring devices are kept current with the latest updates.