The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.
The threat actors target financial institutions, cryptocurrency wallets, and virtual payment platforms by impersonating an Orange S.A. Android app that attempts to steal login credentials.
The report comes from researchers at Lookout, who note that the malicious campaign is still in the testing and optimization phase.
Anubis first appeared on Russian hacking forums in 2016, shared as an open-source banking trojan with instructions on implementing its client and components.
In the years that followed, Anubis received further development work, and its newer code continued to be openly shared between actors.
In 2019, the malware added what appeared to be an almost functional ransomware module and found its way into Google’s Play Store through fake apps.
In 2020, Anubis returned through large-scale phishing campaigns, targeting 250 shopping and banking apps.
Anubis will display fake phishing login forms when users open up apps for targeted platforms to steal credentials. This overlay screen will be shown over the real app’s login screen to make victims think it’s a legitimate login form when in reality, inputted credentials are sent to the attackers.
In the new version spotted by Lookout, Anubis now targets 394 apps and has the following capabilities:
Like previous versions, the newest Anubis detects whether Google Play Protect is enabled on the compromised device and pushes a fake system alert to trick the user into disabling it.
With Play Protect disabled, the malware has full access to the device and can exchange data with the C2 without interference.
The actors attempted to submit an “” package to the Google Play store in July 2021, but the app was rejected.
Lookout believes this was just an attempt to test Google’s anti-malware detectors, as threat actors only partially implemented the obfuscation scheme.
Optimization and obfuscation of the app is ongoing, covering both the C2 communications and the app’s code.
The distribution of the fake Orange app is currently taking place via malicious websites, direct messages on social media, smishing, and forum posts.
Lookout’s threat researcher Kristina Balaam told Bleeping Computer that this campaign isn’t targeting only French customers of Orange S.A., but American users as well.
While we can’t be certain whether the app has been used in a successful attack, we do know they are targeting US banks including Bank of America, U.S. Bank, Capital One, Chase, SunTrust, and Wells Fargo.
There is no concrete information on the actors who currently distribute Anubis, as they were careful enough to hide their C2 infrastructure registration trace.
The actor uses Cloudflare to redirect all network traffic through SSL, while the C2 masquerades as a cryptocurrency trading website using the domain “hhtps://quickbitrade[.]com”.
The communications between Anubis and the C2 aren’t properly secured yet, but the admin panel area is beyond reach.
Because the Anubis code circulates on numerous underground hacking forums, the number of actors using it is large, and linking this campaign to specific threat actor online personas is complicated.
Customers of Orange S.A. are advised to only source the app from the telco’s official website or the Google Play store.
Additionally, pay attention to the requested permissions before granting your approval whenever you download and install an app.