It is distributed by masquerading as innocuous apps, primarily through Google Play Store.
The trojan has infected over 300 financial institutions worldwide since 2017.
Over the past few years, Android banking trojans have been a persistent threat. Attackers are continuously incorporating a wide range of malicious functionality within the Trojans to make them more effective and less susceptible to detections. One such example is the infamous Anubis trojan.
Origin: Anubis is an Android banking trojan and bot which derives its source code from the Maza-in banking trojan. The malware, also known as Android.BankBot.250.Origin by Dr. Web, was first discovered in 2017. It is distributed by masquerading as innocuous apps, primarily through Google Play Store. These apps can be fake mobile games, fake software updates, fake post/mail apps, fake utility apps, fake browsers, and even fake social-network and communication apps. The trojan has infected over 300 financial institutions worldwide since 2017.
Primary targets: Based on observations, it has been found that the malware mainly targets institutions providing services in Europe, Asia and America. It is also actively spreading its tentacles to institutions in Europe, West-Asia, North-America, and Australia.
Capabilities: Once launched, Anubis connects to the command-and-control server of the attackers to receive additional commands. Additionally, C2 communication also enables Anubis to:
Send SMS messages containing a defined text;
Execute USSD-request;
Send copies of SMS messages stored on the device;
Show push notifications whose contents are specified in the command;
Block the screen of the device window;
Send all the numbers from the contact list;
Request permission to access other crucial data;
Request permission to access device location;
Determine the IP address of an infected smartphone or tablet;
Clean up ..
Support the originator by clicking the read the rest link below.
