Hello, welcome to the Friday, January 18th, 2019 edition of the Santernet Storm Center's

Stormcast. My name is Johannes Ulrich and the time I'm recording from Jacksonville, Florida.

During Micro came across an interesting malicious application in Google's Play Store that

masked itself as a battery saver application.

Now, it appears to me that battery saver applications are sort of one of those favorites

to actually hide malware, probably because they don't really do much visibly to the user if they

do anything.

Now in this particular case, the developer of the malware actually jumped through some

additional hoops to make it more difficult to detect that malware is running.

The malware will only run if the phone is being moved.

Now, Trent Micro's assumption here is that the reason

for this is that if the malware is running in a sandbox, so someone is trying to analyze it, then

typically there are no motion sensors or if motion sensors are emulated by the sandbox, then they're stationary.

There is no motion being simulated.

So as a result, this particular malware will only run while the phone is being moved.

Now once the malicious code actually gets to run it, will then create a pop-up offering a system

update.

So this is how then the actual banking malware is being installed on the phone with the sufficient privileges of course to have access to the system.

Now about 5,000 users downloaded this particular malware.

The vast majority of the victims happened to be in Japan.

And Twitter fixed a 5-year-old vulnerability in its Android app that may have exposed protected

tweets. Now, in Twitter you have the option to send protected tweets which are limited.

...