Security researchers have stumbled upon a new cybercrime campaign that uses the well-known Anubis malware.

According to security firm Lookout, the malware is targeting customers of nearly 400 different banks, virtual payment services and cryptocurrency wallets.

Lookout researchers have discovered a modified version of Anubis, which is distributed in a special way on smartphones. Cyber ​​criminals pose as an official account of Orange SA, France’s largest telecom provider, to gain access to your device.

The threat

Anubis is a so-called Trojan that collects important financial data from a target. The malware can also gain access to your messages, location and files.

To do all this, third-party apps must be allowed on a device. If Anubis detects that Google Play Protected is activated, the malware sends a fake system alarm to trick the user and disable the protection. When Google Play Protected is turned off, Anubis gets full access to a device.

Little is known about the creators of Anubis or who is behind the latest distribution campaign. According to various sources, the creator of the malware was arrested by the Russian authorities in 2019. However, the malware has since received updates. In 2020, Anubis made its full comeback in large-scale phishing attacks.

Categorized in:


Last Update: January 2, 2022