Navigation X

Anubis Malware Returns: How This Android Bot Drains Bank Accounts

Submitted by zyanbolt100


 Anubis Malware Returns: How This Android Bot Drains Bank Accounts  781
zyanbolt100 Junior Member
3
Posts
3
Threads
OP 09-03-2025, 07:37 AM
#1
[Image: Anubis-android-banking-bot.png]
 
What is the Anubis Android Banking Botnet?Anubis operates as a modular banking trojan with botnet capabilities, allowing attackers to remotely control infected devices in coordinated campaigns. Unlike simpler malware, Anubis employs multiple evasion techniques including:
 
  • Dynamic payload loading (downloads malicious components after installation)
  • Advanced obfuscation (polymorphic code, anti-emulation checks)
  • Banking app-specific targeting (custom overlays for 300+ financial apps)
Primary Infection Vectors:
  • Fake apps masquerading as utility tools or popular services
  • Compromised websites with drive-by downloads
  • SMS phishing campaigns with malicious links
  • Trojanized versions of legitimate apps on third-party stores
Detailed Technical Features1. Sophisticated Overlay Attacks
  • Real-time screen monitoring detects when banking apps are opened
  • Custom phishing overlays mimic legitimate login screens for:
    • Traditional banks (Chase, Wells Fargo, Barclays)
    • Payment apps (PayPal, Venmo, Zelle)
    • Cryptocurrency exchanges (Binance, Coinbase)
  • Advanced input capture records credentials, PINs, and 2FA codes
2. Remote Access Trojan (RAT) Capabilities
  • VNC server implementation for full device control
  • Screen streaming allows attackers to view user activity in real-time
  • Command execution via C2 server instructions
  • File system access for document theft and further infection
3. Data Exfiltration Modules
  • SMS interception for capturing OTP verification codes
  • Contact list harvesting for spreading malware to new victims
  • Keylogging for comprehensive input monitoring
  • Clipboard monitoring to steal cryptocurrency addresses
 
Reply
brainsmith_1285 Junior Member
4
Posts
1
Threads
09-04-2025, 11:27 AM
#1
I am highly interested.
Reply




Users browsing this thread: 17 Guest(s)