We haven’t heard much about Anubis in recent months. Anubis is the nasty Android-based banking Trojan that has made headlines on more than one occasion.
If history is any guide at all Anubis will soon be making headlines again. It’s back and based on the findings from researchers at Lookout the hackers controlling the malware mean business.
Anubis has been around since at least 2016 when its source code appeared on a variety of Russian hacking forums. Some open-source projects don’t get much love but Anubis has received regular updates that have kept it current and made it more dangerous than ever. Although it’s been a while since the malware was used in a major campaign there are warning signs that things are about to change.
As an example, in 2019 a copy of Anubis was found embedded in an app in the Google Play Store with a not quite functional ransomware module. It was probably placed there as a test. In 2020 Anubis briefly resurfaced courtesy of a large-scale phishing campaign that targeted more than 250 shopping and banking apps.
The Lookout researchers were able to grab a copy of the malware they found circulating in the wild. Based on their findings the newly enhanced malware will be used in a large-scale campaign that will target nearly 300 apps.
Additionally, its latest improvements leave it with the following capabilities:
In other words, Anubis appears to be back from the dead and the coming months will probably be interesting as if we needed that!