The Anubis banking Trojan attracted a lot of news in the last year, the virus is making its way to Android devices. The virus is trespassing into the device through infected downloads from Google Play Store. This new malware is gaining access to the device services. It is able to steal the login credentials of banking apps, payment cards and e-wallets.
Online Banking full of threats:
The malware Anubis was enabled by “dropper” with intentions to harm the device. Anubis has proven the ability to infect Google Play and plant perilous downloads under the appearance of gentle looking apps. BianLian was the dropper who is responsible for dropping Anubis onto devices. The malware disguises by being a simple app like currency converters, discounter apps and device cleaners.
Android banking malware – #Anubis – is highly active.
Today, in only couple of hours, download link with Anubis Trojan was open over 14,000 times.
— Lukas Stefanko (@LukasStefanko) February 20, 2019
Threat Fabric has reported that in order to stay longer on victims device they have evolved the app nicely. The droppers have worked to make the ratings of the app on Play Store to be nice. The name BianLian originates from a Chinese word. BianLian is a Chinese Theatrical Art of changing from one face to other instantaneously. The researchers have also predicted that BianLian is on the way of becoming a full-blown banking Trojan itself.
Now BianLian has returned to do exactly what the reporters predicted. Researchers at Fortinet have reported that the new and improved version of the Anubis has become a sophisticated malware. Once BianLian gets the accessibility services of device then the attack can easily begin. Financial windows can be recorded using the screencast module to get passwords and username.
Google Play unsafe after all the measures:
A sophisticated channel for communication can easily pass on the details to the cyber criminals for the attack. The dropper is designed in such a way that it steals itself from Google Play security standards easily.
Anubis – Android Banking Malware – found again on Google Play.
Two apps are still available on GP with 1K+ installs for each.
Targets #Turkey 🇹🇷.
Can't get payload, even though server is running.
I uploaded samples to @virusbay_io #DetectOrDieTryinhttps://t.co/1Rp2m5Hcj2 pic.twitter.com/CqmVuzyZLj
— Lukas Stefanko (@LukasStefanko) July 10, 2018
Mobile banking malware has been on rising from a few years as they have tripled in the last few years. A thousand of such apps have been reported and are still available for downloads, so Google has a lot of work to do.