Anubis Android malware is back, and going after your banking apps

Anubis banking Trojan steals valuable finance-related data from the target

Security researchers have uncovered a new cybercrime campaign using the notorious Anubis banking malware.

According to security firm Lookout, the malware, which first surfaced in 2016, has returned and is targeting customers of almost 400 financial institutions, cryptocurrency wallets, and virtual payment platforms.

While investigating a dangerous new mobile virus campaign, Lookout researchers discovered a modified version of Anubis being distributed in a novel way: by stealing the identity of one of the biggest telecommunication service providers in France, Orange S.A., and presenting itself as its “official” account management application.

Under threat

Anubis is a banking Trojan that collects valuable finance-related data such as SMS messages from the victim, but is also able to log keys, exfiltrate files, monitor the screen, harvest GPS data, and take advantage of other accessibility services enabled on the device.

However, to do all that, it often needs to ensure the device owner enables third-party apps. If Anubis detects that the device has Google Play Protect enabled, it will push a fake system alert to try to deceive the user into disabling it. Only after Google Play Protect is disabled does Anubis get full access to the target device and the ability to perform the abovementioned actions.

Very little is known about the creators of Anubis, or the malicious actors behind the latest distribution campaign. According to multiple media sources, the actor behind the Trojan is known as Maza-In, and was arrested by Russian authorities back in 2019. However, the malware did get a few updates at a later date, and in 2020 it returned through large-scale phishing campaigns, when it went after 250 shopping and banking apps.

One of the versions even came with an “almost-functional” ransomware module, as it enabled the attackers to encrypt the data on the target device. However, there’s no record of Anubis being used in the wild as a ransomware.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
