Home Blog 17,000 Samples of Anubis Mobile Malware 17,000 Samples of Anubis Mobile Malware BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. Various vendor reports indicate an approximate 50% increase in mobile banking malware from 2018 to 2019. The financial sector experiences more phishing and man-in-the-middle (MitM) attacks via mobile devices than any other industry. Attackers are targeting user devices to access the sensitive financial data they contain. Research indicates that poor user security practice is the leading cause of mobile infections. Complicating security, many mobile devices connecting to the enterprise infrastructure (one report states 42%) have side-loaded applications installed from sites or databases outside of regulated application stores. Mobile malware developers are beginning to mold mobile malware in the way traditional malware works. Current mobile banking malware is capable of stealing payment data, credentials, and funds from victim bank accounts. Due to their success, mobile malware is generating substantial operating funds for developers. This allows them to further enhance their wares. Major malware families, such as Asacub and Anubis, are widely available to mobile malware builders on the dark web. This is resulting in the creation of countless new variants of mobile malware ready for mass distribution. Anubis is one of the most popular mobile malware available today. Anubis has integrated a wide array of techniques such as: Tapping into mobile devices’ motion-based sensors to elude sandbox analysis Displaying malicious overlays to steal PII Using malicious short links on social media accounts for C2 communications Researchers have observed attacker-owned Twitter accounts using Google short links for C2 communications. Some of these accounts have been active for approximately 12 years. Researchers at Trend Micro recently uncovered over seventeen thousand samples of Anubis on two servers. The researchers assessed that within these samples, those with specific labels appear to have different routines from others. Some of the analyzed samples have targeted financial applications from which they are coded to steal personal and financial data. In total, researchers have estimated that Anubis targets 188 banking and finance-related applications in countries such as Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India. * Source: Trend Micro blog – Anubis Android Malware Returns with Over 17,000 Samples, July 8, 2019 Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. Various vendor reports indicate an approximate 50% increase in mobile banking malware from 2018 to 2019. The financial sector experiences more phishing and man-in-the-middle (MitM) attacks via mobile devices than any other industry. Attackers are targeting user devices to access the sensitive financial data they contain. Research indicates that poor user security practice is the leading cause of mobile infections. Complicating security, many mobile devices connecting to the enterprise infrastructure (one report states 42%) have side-loaded applications installed from sites or databases outside of regulated application stores. Mobile malware developers are beginning to mold mobile malware in the way traditional malware works. Current mobile banking malware is capable of stealing payment data, credentials, and funds from victim bank accounts. Due to their success, mobile malware is generating substantial operating funds for developers. This allows them to further enhance their wares. Major malware families, such as Asacub and Anubis, are widely available to mobile malware builders on the dark web. This is resulting in the creation of countless new variants of mobile malware ready for mass distribution. Anubis is one of the most popular mobile malware available today. Anubis has integrated a wide array of techniques such as: Tapping into mobile devices’ motion-based sensors to elude sandbox analysis Displaying malicious overlays to steal PII Using malicious short links on social media accounts for C2 communications Researchers have observed attacker-owned Twitter accounts using Google short links for C2 communications. Some of these accounts have been active for approximately 12 years. Researchers at Trend Micro recently uncovered over seventeen thousand samples of Anubis on two servers. The researchers assessed that within these samples, those with specific labels appear to have different routines from others. Some of the analyzed samples have targeted financial applications from which they are coded to steal personal and financial data. In total, researchers have estimated that Anubis targets 188 banking and finance-related applications in countries such as Poland, Australia, Turkey, Germany, France, Italy, Spain, U.S., and India. * Source: Trend Micro blog – Anubis Android Malware Returns with Over 17,000 Samples, July 8, 2019 Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
