Technology Tips

December 31, 2021

This Android Banking Malware Is Back

Written By Securafy Team

We haven't heard much about Anubis in recent months. Anubis is the nasty Android-based banking Trojan that has made headlines on more than one occasion.

If history is any guide at all Anubis will soon be making headlines again.  It's back and based on the findings from researchers at Lookout the hackers controlling the malware mean business.

Anubis has been around since at least 2016 when its source code appeared on a variety of Russian hacking forums. Some open-source projects don't get much love but Anubis has received regular updates that have kept it current and made it more dangerous than ever. Although it's been a while since the malware was used in a major campaign there are warning signs that things are about to change.

As an example, in 2019  a copy of Anubis was found embedded in an app in the Google Play Store with a not quite functional ransomware module. It was probably placed there as a test. In 2020 Anubis briefly resurfaced courtesy of a large-scale phishing campaign that targeted more than 250 shopping and banking apps.

The Lookout researchers were able to grab a copy of the malware they found circulating in the wild. Based on their findings the newly enhanced malware will be used in a large-scale campaign that will target nearly 300 apps.

Additionally, its latest improvements leave it with the following capabilities:

  • Recording screen activity and sound from the microphone
  • Implementing a SOCKS5 proxy for covert communication and package delivery
  • Capturing screenshots
  • Sending mass SMS messages from the device to specific recipients
  • Retrieving contacts stored on the device
  • Sending, reading, deleting, and blocking notifications for SMS messages received by the device
  • Scanning the device for files of interest to exfiltrate
  • Locking the device screen and displaying a persistent ransom note
  • Submitting USSD code requests to query bank balances
  • Capturing GPS data and pedometer statistics
  • Implementing a keylogger to steal credentials
  • Monitoring active apps to mimic and perform overlay attacks
  • Stopping malicious functionality and removing the malware from the device

In other words, Anubis appears to be back from the dead and the coming months will probably be interesting as if we needed that!

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.