17,000 Samples of Anubis Mobile Malware

BlueVoyant

“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.

Various vendor reports indicate an approximate 50% increase in mobile banking malware from 2018 to 2019. The financial sector experiences more phishing and man-in-the-middle (MitM) attacks via mobile devices than any other industry. Attackers are targeting user devices to access the sensitive financial data they contain. Research indicates that poor user security practice is the leading cause of mobile infections. Complicating security, many mobile devices connecting to the enterprise infrastructure (one report states 42%) have side-loaded applications installed from sites or databases outside of regulated application stores.

Mobile malware developers are beginning to shape mobile malware to work the way traditional malware does. Current mobile banking malware is capable of stealing payment data, credentials, and funds from victim bank accounts. Due to its success, mobile malware is generating substantial operating funds for developers, which allows them to further enhance their wares. Major malware families, such as Asacub and Anubis, are widely available to mobile malware builders on the dark web. This is resulting in the creation of countless new variants of mobile malware ready for mass distribution.

Anubis is one of the most popular mobile malware families available today. Anubis has integrated a wide array of techniques such as:

- Tapping into mobile devices’ motion-based sensors to elude sandbox analysis
- Displaying malicious overlays to steal PII
- Using malicious short links on social media accounts for C2 communications

Researchers have observed attacker-owned Twitter accounts using Google short links for C2 communications. Some of these accounts have been active for approximately 12 years.

Researchers at Trend Micro recently uncovered over seventeen thousand samples of Anubis on two servers. The researchers assessed that within these samples, those with specific labels appear to have different routines from others. Some of the analyzed samples have targeted financial applications from which they are coded to steal personal and financial data. In total, researchers have estimated that Anubis targets 188 banking and finance-related applications in countries such as Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India.

* Source: Trend Micro blog – Anubis Android Malware Returns with Over 17,000 Samples, July 8, 2019