Cyber-attack on Financial Apps

Cyber-attack on Financial Apps

Hundreds of financial applications are being targeted by a threat campaign featuring a new strain of the Anubis Android banking trojan malware.



The malicious campaign was detected by researchers at cybersecurity company and integrated endpoint-to-cloud provider Lookout.



Researchers observed the banking malware masquerading as an account management application created by France's largest telecommunications company, Orange S.A., to target customers of nearly 400 financial institutions, virtual payment platforms, and crypto-currency wallets.



Victims of Anubis suffer their personal data’s being exfiltrated from their mobile device then exploited for financial gain. The malware accesses victims' information by intercepting SMSs, keylogging, GPS data collection, file exfiltration, screen monitoring, and abusing the accessibility services of a device.



This latest distribution of Anubis can record a device's screen activity and sound from its microphone, capture screenshots, retrieve contacts and send mass SMS messages to specified recipients, and submit USSD code requests to query bank balances. It can also lock the screen of a device and cause a ransom note to be displayed.



The malicious app, with a package name of 'fr.orange.serviceapp', landed in the Google Play store at the end of July 2021. Lookout's researchers believe its creators sought to test Google's antivirus capabilities. 



To disguise the criminal nature of the malicious app, the cyber-criminals have perfectly mimicked its “Orange et Moi France” app icon, which shows a user and their device drawn in white against an orange background. 



However, eagle-eyed app users will notice that the resolution of the fake image used by the cyber-cri ..

Support the originator by clicking the read the rest link below.