Trend Micro: Anubis Android malware is back with over 17,000 samples. It combines information theft and ransomware
Anubis Android malware is back with over 17,000 samples. It has been discovered by Trend Micro cyber security experts in two related servers. The malicious code, born as a cyber espionage tool, has been evolved in a cybercrime banking malware combining information theft and ransomware. It use a plethora of techniques, including the motion-based sensors, to elude sandbox analysis and overlays to steal personally identifiable information. It is also capable of hijacking a specified Activity (where an app starts its process). Anubis monitors the activity of the targeted apps, and once it determines that these apps are open or being used, the attacker can abuse the WebView feature to display the apps’ content on a web page. This can then be used to carry out overlay techniques to steal payment data or used as an attack vector for phishing.
The cyber security experts: Cybercrime behind it targets a total of 188 banking- and finance-related apps, many of which are in Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India
According to the cyber security experts, Anubis targets a total of 188 banking- and finance-related apps, many of which are in Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India. The malware’ C&C servers are distributed across different countries. Some are deployed by abusing a cloud service, while some abuse an internet data center (IDC) server. The cybercrime operators have been using social media channels like Twitter and Google short links to send commands since 2014. According to one of the accounts’ registration date, the attacker has probably been active for about 12 years. Trend Micro believes that the sheer amount of samples uncovered reflect how authors and operators are actively using their malware. Users should always practice security hygiene when installing apps, especially when the mobile devices are used in BYOD environments.