Anubis Android Malware

News | Mjolnir Security | May 29, 2022

Background
Anubis first appeared on Russian hacking forums in 2016, shared as an open-source banking trojan with instructions on implementing its client and components.

In the years that followed, Anubis received further development work, and its newer code continued to be openly shared between actors.

In 2019, the malware added what appeared to be an almost functional ransomware module and found its way into Google’s Play Store through fake apps.

In 2020, Anubis returned through large-scale phishing campaigns, targeting 250 shopping and banking apps.

To steal credentials, Anubis displays fake login forms when users open apps for targeted platforms. The overlay is shown on top of the real app’s login screen so that victims believe it is the legitimate login form, when in reality the credentials they enter are sent to the attackers.

There is no concrete information on the actors who currently distribute Anubis, as they were careful to hide any trace of their C2 infrastructure registration.

In the last week, our intelligence analysts identified new domains used to spread the malware.

You can find the IOCs here: https://otx.alienvault.com/pulse/6293f0b30be7983c4bae2879

Written by: Mjolnir Security
