Analysis Summary
The Anubis banking malware was developed in 2016 and has been used as a trojan, keylogger, and ransomware. Recent Anubis samples use a mobile device’s accelerometer to avoid detection.
Fraudulent system update alerts and push notifications are used to trick the user into disabling security controls, allowing full exploitation of the device and the installation of additional malware.
The malware’s logic detects installed financial applications and impersonates them.
Impact
Anubis banking trojan
Indicators of Compromise
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation