Anubis Malware Returns: How This Android Bot Drains Bank Accounts

[2]

 
What is the Anubis Android Banking Botnet?Anubis operates as a modular banking trojan with botnet capabilities, allowing attackers to remotely control infected devices in coordinated campaigns. Unlike simpler malware, Anubis employs multiple evasion techniques including:
 

• Dynamic payload loading (downloads malicious components after installation)
  
• Advanced obfuscation (polymorphic code, anti-emulation checks)
  
• Banking app-specific targeting (custom overlays for 300+ financial apps)
  

Primary Infection Vectors:

• Fake apps masquerading as utility tools or popular services
  
• Compromised websites with drive-by downloads
  
• SMS phishing campaigns with malicious links
  
• Trojanized versions of legitimate apps on third-party stores
  

Detailed Technical Features1. Sophisticated Overlay Attacks

• Real-time screen monitoring detects when banking apps are opened
  
• Custom phishing overlays mimic legitimate login screens for:
  • Traditional banks (Chase, Wells Fargo, Barclays)
    
  • Payment apps (PayPal, Venmo, Zelle)
    
  • Cryptocurrency exchanges (Binance, Coinbase)
    
• Advanced input capture records credentials, PINs, and 2FA codes
  

2. Remote Access Trojan (RAT) Capabilities

• VNC server implementation for full device control
  
• Screen streaming allows attackers to view user activity in real-time
  
• Command execution via C2 server instructions
  
• File system access for document theft and further infection
  

3. Data Exfiltration Modules

• SMS interception for capturing OTP verification codes
  
• Contact list harvesting for spreading malware to new victims
  
• Keylogging for comprehensive input monitoring
  
• Clipboard monitoring to steal cryptocurrency addresses
  

 

4 Shared

Mirrored

Mega Nz

Media Fire

[4]

I am highly interested.