1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Anubis Android malware is back, and going after your banking apps

    From TechnologyDaily@1337:1/100 to All on Wed Dec 15 16:15:03 2021
    Anubis Android malware is back, and going after your banking apps

    Date:
    Wed, 15 Dec 2021 15:50:01 +0000

    Description:
    Multiple banks are being impersonated alongside French telecom giant Orange.

    FULL STORY ======================================================================

    Security researchers have uncovered a new cybercrime campaign using the notorious Anubis banking malware.

    According to security frm Lookout, the malware, which first surfaced in 2016, has returned and is targeting customers of almost 400 financial institutions, cryptocurrency wallets , and virtual payment platforms.

    Investigating a dangerous new mobile virus campaign, Lookout researchers discovering a modified version of Anubis being distributed through a novel
    way - by stealing the identity of one of the biggest telecommunication
    service providers in France - Orange S.A, and presenting itself as its "official" account management application. Under threat

    Anubis is a banking Trojan that collects valuable finance-related data such
    as SMS messages from the victim, but is also able to log keys, exfiltrate files, monitor the screen, harvest GPS data, and take advantage of other accessibility services enabled on the device.

    However, to do all that, it often needs to ensure the device owner enables third-party apps. If Anubis detects that the device has Google Play Protected enabled, it will push a fake system alert to try and deceive the user into disabling it. Only after Google Play Protected is disabled, does Anubis get full access to the target device and the ability to do the abovementioned actions.

    Very little is known about the creators of Anubis, or the malicious actors behind the latest distribution campaign. According to multiple media sources, the actor behind the Trojan is known as Maza-In, and was arrested by Russian authorities back in 2019. However, the malware did get a few updates at a later date, and in 2020, returned through large-scale phishing campaigns,
    when it went after 250 shopping and banking apps.

    One of the versions even came with an almost-functional ransomware module, as it enabled the attackers to encrypt the data on the target device. However, theres no record of Anubis being used in the wild as a ransomware. You might also want to check out our list of the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/anubis-android-malware-is-back-and-targeting-ba nking-apps/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)