Anubis Android Trojan Spotted with Almost Functional Ransomware Module

LASER_oneXM

Feb 4, 2016
An Android application which steals PayPal credentials, encrypts files from the device's external storage, and locks the screen using a black screen was spotted in the Google Play Store by ESET malware researcher Lukas Stefanko.

Behind the app's malicious behavior is an Anubis Android banking Trojan malware payload, a well-known Trojan designed to steal banking credentials, provide its masters with a RAT backdoor, and send SMS spam among other things.

Once the Anubis banking Trojan is dropped by a malware downloader on a victim's compromised device, it starts collecting banking info either with the help of an inbuilt keylogger module or by taking screenshots when the user inserts credentials into apps, unlike other banking Trojans known to use overlay screens for the same task.

Anubis samples with ransomware features are not new, with Sophos previously discovering Anubis-infected apps in the Play Store during August 2018 with the capability to encrypt files using an .Anubiscrypt file extension, the same extension the malware found by Stefanko used to encrypt his documents.
 
