12 applications being used to distribute malware Anubis and Spynote which steals banking and personal information. Countries affected include Armenia, India, Brazil, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore. The application is modeled after legitimate applications, specifically Coronavirus. The application asks for accessibility services. Once enabled, the permissions run in the background and hides the application icon from the application drawer. Its primary functions are accessing SMS, GPS, Location data, contacts, capturing photos, and other functions of the device infected. This infected malware then installs the legitimate application upon hiding the malicious application.
Anubis is a banking trojan utilizing overlays to steal credentials as well as accessing infected devices whereas Spynote asks for other SMS, GPS, Location data, contacts, capturing photos, and other functions of the device infected.