This Android Banking Malware Is Back

sccomputerguys • Dec 31, 2021

We haven't heard much about Anubis in recent months. Anubis is the nasty Android-based banking Trojan that has made headlines on more than one occasion.

If history is any guide, Anubis will soon be making headlines again. It's back and, based on the findings from researchers at Lookout, the hackers controlling the malware mean business.

Anubis has been around since at least 2016, when its source code appeared on a variety of Russian hacking forums. Some open-source projects don't get much love, but Anubis has received regular updates that have kept it current and made it more dangerous than ever. Although it's been a while since the malware was used in a major campaign, there are warning signs that things are about to change.

As an example, in 2019 a copy of Anubis was found embedded in an app in the Google Play Store with a not-quite-functional ransomware module. It was probably placed there as a test. In 2020, Anubis briefly resurfaced courtesy of a large-scale phishing campaign that targeted more than 250 shopping and banking apps.

The Lookout researchers were able to grab a copy of the malware they found circulating in the wild. Based on their findings, the newly enhanced malware will be used in a large-scale campaign that will target nearly 300 apps.

Additionally, its latest improvements leave it with the following capabilities:

  • Recording screen activity and sound from the microphone
  • Implementing a SOCKS5 proxy for covert communication and package delivery
  • Capturing screenshots
  • Sending mass SMS messages from the device to specific recipients
  • Retrieving contacts stored on the device
  • Sending, reading, deleting, and blocking notifications for SMS messages received by the device
  • Scanning the device for files of interest to exfiltrate
  • Locking the device screen and displaying a persistent ransom note
  • Submitting USSD code requests to query bank balances
  • Capturing GPS data and pedometer statistics
  • Implementing a keylogger to steal credentials
  • Monitoring active apps to mimic and perform overlay attacks
  • Stopping malicious functionality and removing the malware from the device

In other words, Anubis appears to be back from the dead, and the coming months will probably be interesting, as if we needed that!
