Home Blog 17,000 Samples of Anubis Mobile Malware 17,000 Samples of Anubis Mobile Malware BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. Various vendor reports indicate an approximate 50% increase in mobile banking malware from 2018 to 2019. The financial sector experiences more phishing and man-in-the-middle (MitM) attacks via mobile devices than any other industry. Attackers are targeting user devices to access the sensitive financial data they contain. Research indicates that poor user security practice is the leading cause of mobile infections. Complicating security, many mobile devices connecting to the enterprise infrastructure (one report states 42%) have side-loaded applications installed from sites or databases outside of regulated application stores. Mobile malware developers are beginning to mold mobile malware in the way traditional malware works. Current mobile banking malware is capable of stealing payment data, credentials, and funds from victim bank accounts. Due to their success, mobile malware is generating substantial operating funds for developers. This allows them to further enhance their wares. Major malware families, such as Asacub and Anubis, are widely available to mobile malware builders on the dark web. This is resulting in the creation of countless new variants of mobile malware ready for mass distribution. Anubis is one of the most popular mobile malware available today. Anubis has integrated a wide array of techniques such as: Tapping into mobile devices’ motion-based sensors to elude sandbox analysis Displaying malicious overlays to steal PII Using malicious short links on social media accounts for C2 communications Researchers have observed attacker-owned Twitter accounts using Google short links for C2 communications. Some of these accounts have been active for approximately 12 years. Researchers at Trend Micro recently uncovered over seventeen thousand samples of Anubis on two servers. The researchers assessed that within these samples, those with specific labels appear to have different routines from others. Some of the analyzed samples have targeted financial applications from which they are coded to steal personal and financial data. In total, researchers have estimated that Anubis targets 188 banking and finance-related applications in countries such as Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India. * Source: Trend Micro blog – Anubis Android Malware Returns with Over 17,000 Samples, July 8, 2019 Share: Facebook Twitter LinkedIn Related reading Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more
BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. Various vendor reports indicate an approximate 50% increase in mobile banking malware from 2018 to 2019. The financial sector experiences more phishing and man-in-the-middle (MitM) attacks via mobile devices than any other industry. Attackers are targeting user devices to access the sensitive financial data they contain. Research indicates that poor user security practice is the leading cause of mobile infections. Complicating security, many mobile devices connecting to the enterprise infrastructure (one report states 42%) have side-loaded applications installed from sites or databases outside of regulated application stores. Mobile malware developers are beginning to mold mobile malware in the way traditional malware works. Current mobile banking malware is capable of stealing payment data, credentials, and funds from victim bank accounts. Due to their success, mobile malware is generating substantial operating funds for developers. This allows them to further enhance their wares. Major malware families, such as Asacub and Anubis, are widely available to mobile malware builders on the dark web. This is resulting in the creation of countless new variants of mobile malware ready for mass distribution. Anubis is one of the most popular mobile malware available today. Anubis has integrated a wide array of techniques such as: Tapping into mobile devices’ motion-based sensors to elude sandbox analysis Displaying malicious overlays to steal PII Using malicious short links on social media accounts for C2 communications Researchers have observed attacker-owned Twitter accounts using Google short links for C2 communications. Some of these accounts have been active for approximately 12 years. Researchers at Trend Micro recently uncovered over seventeen thousand samples of Anubis on two servers. The researchers assessed that within these samples, those with specific labels appear to have different routines from others. Some of the analyzed samples have targeted financial applications from which they are coded to steal personal and financial data. In total, researchers have estimated that Anubis targets 188 banking and finance-related applications in countries such as Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India. * Source: Trend Micro blog – Anubis Android Malware Returns with Over 17,000 Samples, July 8, 2019 Share: Facebook Twitter LinkedIn Related reading Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more
Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more
Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more
Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more
