The Anubis malware, which threat actors use to persistently attack Google’s Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen.

The new feature is one of several that haven’t been released in the wild yet but are a part of an updated control panel for the malware that’s currently in development, researchers from security consulting firm Hold Security discovered, according to a report published online.

The panel is a web-based module that explores devices that have already been infiltrated by Anubis, researchers said. Threat actors use it to view and decide from which device they want to steal data as well as which services on devices to target.

The new control panel will add features that provide even more insight so attackers can fully take advantage of a device, Alex Holden, founder and chief information security officer of Hold Security, told Bank Info Security.

One key addition to the malware is a small eyeball icon included in the control panel that can be used to recognize whether a user of a device with Anubis installed is looking at the device or not. The idea is that an attacker won’t perform any nefarious activity on the device while the person is looking at it, he said.

The threat actors behind Anubis also are developing a way to integrate Yandex maps into the malware to show the location of infected devices, according to the report. However, this could be a superfluous addition, as the mobile network to which a device is attached can usually tell a hacker where the phone is located, Holden noted in the report.