Threat Group Cards: A Threat Actor Encyclopedia

Tool: Anubis

Names: Anubis, BankBot, Go_P00t
Category: Malware
Type: Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer
Description: (Trend Micro) The Anubis malware masquerades as a benign app, prompts the user to grant it accessibility rights, and also tries to steal account information. Banking trojans usually launch a fake overlay screen when the user accesses a target app and tries to steal information when the user inputs account credentials into the overlay. However, Anubis’ process is a little different. It has a built-in keylogger that can simply steal a user’s account credentials by logging the keystrokes. The malware can also take a screenshot of the infected user’s screen, which is another way to get the victim’s credentials.
Information:
<https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/>
<https://blogs.quickheal.com/android-malware-combines-banking-trojan-keylogger-ransomware-one-package/>
<https://securityintelligence.com/after-big-takedown-efforts-20-more-bankbot-mobile-malware-apps-make-it-into-google-play/>
<https://securityintelligence.com/anubis-strikes-again-mobile-malware-continues-to-plague-users-in-official-app-stores/>
<http://b0n1.blogspot.de/2017/05/tracking-android-bankbot.html>
<http://blog.koodous.com/2017/04/decrypting-bankbot-communications.html>
<https://www.welivesecurity.com/2017/11/21/new-campaigns-spread-banking-malware-google-play/>
<http://blog.koodous.com/2017/05/bankbot-on-google-play.html>
<https://www.fortinet.com/blog/threat-research/bankbot-the-prequel.html>
<https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/>
<https://pentest.blog/n-ways-to-unpack-mobile-malware/>
<https://info.phishlabs.com/blog/new-variant-bankbot-banking-trojan-aubis>
<https://www.fortinet.com/blog/threat-research/a-look-into-the-new-strain-of-bankbot.html>
<https://sysopfb.github.io/malware,/reverse-engineering/2018/08/30/Unpacking-Anubis-APK.html>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/apk.anubis>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Anubis>

Last change to this tool card: 23 May 2020

All groups using tool Anubis

Changed | Name | Country | Observed

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency