A new cybercrime campaign is spotted in the wild, and it's bringing back the notorious Anubis malware banking trojan. This malware can steal its victim's credit card details, SMS messages and GPS data, and take advantage of other accessibility services enabled in the infected device.
According to TechRadar, the Anubis malware was first recorded in 2016. It has a reputation for targeting customers of financial institutions related to cryptocurrency wallets and virtual payment platforms. The actor behind this Trojan is reportedly known as Maza-In, who was arrested by Russian authorities in 2019.
However, to the surprise of cybersecurity experts, the Trojan resurfaced in 2020 and targeted 250 shopping and banking apps. One of its latest versions even came with an "almost-functional" ransomware module, which malicious actors could use to encrypt data on a targeted device.
What Is Anubis Malware: Banking Trojan Explained
PCrisk discussed a few scam strategies that malicious actors use to deploy the Anubis malware in a victim's device. Users are recommended to watch out and stay away from websites or applications with these indicators.
Anubis malware reportedly exploits the COVID-19 threat and often scams its victims by impersonating a legitimate online resource. One strategy it uses is to present an "official" web page approved by the World Health Organization (WHO). Here, they urge people to download a form about life-saving COVID-19 prevention and protection methods. Downloading this form actually downloads the Anubis malware.
Another strategy is to offer 8 GB of free mobile internet to fight against the pandemic. Interested users are instructed to download, install and grant access to an app that will give out the free data. Rather than delivering the promise, the app will commence the Anubis infection.
The Anubis malware has a few detection names, depending on the scanner used. Some code names are:
- Avast: Android:Cerberus-F [Bank]
- BitDefender: Trojan.GenericKD.33540408
- ESET-NOD32: A Variant Of Android/TrojanDropper.Agent.EMX
- Kaspersky: HEUR:Trojan-Dropper.AndroidOS.Hqwar.bz
Android Malware: Symptoms of the Banking Trojan
Aside from using antivirus scanners, users can manually check their devices for possible symptoms of Anubis infection. Some indicators for an affected device are:
- Slow loading and processing performance
- System settings are being modified without user permission
- Dubious applications being installed without user permission
- High data usage
- High battery usage
- Browsers redirect users to rogue websites
- Increased count on intrusive advertisements
Up to date, Anubis banking trojan is observed to be an Android-specific malware. However, all users are advised to be wary of this malware because of its dangerous potential to steal personal information and bank account details. With all these data taken, malicious actors could also steal their victim's identities and impersonate them on the internet.
Anubis Malware Removal
Generally, all users are advised to be cautious when downloading files from the internet. Users should also be wary of the permissions they allow on their devices.
If a device is already infected, then users are recommended to apply for a "factory data reset." This might be the only solution to delete the Trojan hidden on the system.
Related Article: Cybersecurity Warning: Zero-Day Vulnerability in Apache Log4j Discovered in Minecraft, Other Apps
