Security researchers at Lookout have discovered the Anubis Android Banking malware is again wreaking havoc after being found targeting the customers of nearly 400 financial institutions, cryptocurrency wallets and virtual payment platforms.
This new malware campaign is also masquerading as the official account management application from leading French telecommunications company, Orange S.A.
The infamous Anubis is known for collecting significant data about its victim from their mobile device for financial gain. This is done using a number of techniques including intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection and abuse of the device’s accessibility services.
It is understood that the Lookout team is working with Orange to remediate the issue and protect customers.
For those unaware, Anubis was first found across Russian hacking forums in 2016 and was leveraged as an open-source banking trojan with instructions on implementing its client and components.
Being a critical mobile threat, Lookout has revealed that Anubis has the following abilities:
- Recording screen activity and sound from the microphone
- Capturing screenshots
- Sending mass SMS messages from the device to specified recipients
- Retrieving contacts stored on the device
- Sending, reading, deleting, and blocking notifications for SMS messages received by the device
- Scanning the device for files of interest to exfiltrate
- Locking the device screen and displaying a persistent ransom note
- Capturing GPS data and pedometer statistics
- Implementing a keylogger to steal credentials
- Monitoring active apps to mimic and perform overlay attacks
Anubis even has the ability to prevent malicious functionality from interfering with its processes and from removing the malware from the device.
In order for Anubis to achieve this, it is stated that the malware needs to ensure the device owner enables third-party apps.
As of now, the threat actors behind this malware campaign or distribute Anubis are not known.
The full research blog can be found here: https://lookout.com/blog/anubis-targets-hundreds-of-financial-apps
