In the past couple of weeks a new malware infection has been doing the rounds which has affected thousands of Google Play Store users. In early July it emerged that an organised cyber crime group infiltrated the Google Play store and uploaded a number of different apps containing the Anubis banking malware, which is a trojan designed to steal your banking credentials and debit/credit card details.
The hidden malware payload was concealed within a number of different apps, some of which were online shopping apps, and was specifically designed to silently install the Anubis malware onto the users Android device.
The malware was first discovered by a team of cybersecurity analysts at IBM X-Force, who believe that the attackers put a significant amount of effort into making their apps look legitimate enough for users to download them. This in itself indicates that the group behind the Anubis malware dedicated significant resources to the attack.
Once the malware-infected application has been download and installed onto a users handset, the application pretends to be something called ‘Google Play Protect’ and requests significant accessibility rights from the user – probably hoping that the user will see Google Play and trust the request, before authorising it.
When an Android user grants the application accessibility rights they grant the application permission to watch your actions – effectively giving the malware permission to perform keylogging in order to steal banking credentials when the user fires up their banking app, or uses a mobile banking website.
It is understood that at least ten thousand people have downloaded these rogue applications, so the organised crime gang behind the attack was certainly effective. Google has been contacted; however, some of the applications are still available for download on the Google play store.
It goes without saying to be very careful about the apps that you download and make sure that you only download apps from reputable app developers.