
Anubis malware resurfaces targeting crypto wallets and banking apps

December 17, 2021

So far, 394 malicious apps have been identified that are spreading Anubis malware to steal financial and personal data from unsuspecting Android users.

Security researchers at security firm Lookout have identified a notorious new mobile malware campaign disguised as an official Orange Telecom account management app from Orange S.A., a leading telecommunication service provider in France. Reportedly, the malicious app delivers a modified variant of the Anubis banking malware.

About Anubis Malware

Anubis was first identified in 2016, but the malware has now resurfaced and is targeting clients of around 400 financial institutions, virtual payment platforms, and cryptocurrency wallets. These include customers of Chase, Bank of America, Wells Fargo, and Capital One, among others.

Anubis malware sold on Russian cybercrime forum in 2016

Anubis is a dangerous banking trojan. It can collect sensitive financial data, steal victims’ SMS messages, exfiltrate files, log keystrokes, extract GPS data, monitor the screen display, and exploit other accessibility services enabled on the device.

Previously, Anubis was found stealing photos, videos, and other sensitive content from Android devices. The same malware was also identified in COVID-19-related scams, when crooks pushed fake government-issued COVID-19 contact tracing apps that in reality were spreading Anubis and SpyNote malware.

How Does the Attack Work?

When this fake app is downloaded, the embedded malware steals the victim’s personal data to hack the device. The malware creates a connection with the C2 server.

It then downloads another app to start the SOCKS5 proxy, letting the attacker enforce authentication for clients connected with their server and hiding communications between the C2 and the client. After the APK is retrieved and decrypted, it is saved as “‘FR.apk’ in ‘/data/data/fr.orange.serviceapp/app_apk.’”

Immediately, a scam message appears, requesting the user to disable Google Play Protect and allowing the attacker full control of the device.
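The indicators named above (the package `fr.orange.serviceapp`, the dropped `FR.apk`, and the abuse of accessibility services) can be checked on a device with adb. The following is an added example, not code from Lookout or from this article: it parses the output of `adb shell pm list packages -f`, `adb shell settings get secure enabled_accessibility_services`, and a directory listing of the payload folder. The sample inputs and the service class name are constructed, and reading the app's private directory is assumed to require root.

```python
# Indicators quoted in the article text.
PACKAGE = "fr.orange.serviceapp"
PAYLOAD_NAME = "FR.apk"

# Constructed sample inputs, not captured from a real device.
SAMPLE_PM = (
    "package:/data/app/~~Zx1==/com.android.chrome-1/base.apk=com.android.chrome\n"
    "package:/data/app/~~Qw2==/fr.orange.serviceapp-1/base.apk=fr.orange.serviceapp\n"
)
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "fr.orange.serviceapp/.ExampleService")  # class name is made up
SAMPLE_LS = "FR.apk\n"


def installed_packages(pm_output):
    """Parse `adb shell pm list packages -f` (package:<apk path>=<name>)."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # The name follows the last '=', since the path may contain '='.
            names.add(line[len("package:"):].rpartition("=")[2])
    return names


def accessibility_owners(setting):
    """Parse `adb shell settings get secure enabled_accessibility_services`:
    colon-separated package/class entries, or 'null' when none are enabled."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}


def triage(pm_output, a11y_setting, payload_listing):
    """Return the article's indicators that are present, in a fixed order."""
    findings = []
    if PACKAGE in installed_packages(pm_output):
        findings.append("package-installed")
    if PACKAGE in accessibility_owners(a11y_setting):
        findings.append("accessibility-service-enabled")
    # payload_listing: `ls` of /data/data/fr.orange.serviceapp/app_apk (needs root).
    if PAYLOAD_NAME in payload_listing.split():
        findings.append("dropped-payload-present")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_LS))
```
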

Objective Behind the Campaign

Researchers noted that the primary goal of Anubis is to collect “significant data about the victim from their mobile device for financial gain.” It achieves this goal by intercepting SMS messages, exfiltrating files, keylogging, and collecting GPS data.


The C2 server of Anubis malware masquerades as a cryptocurrency exchange website.

The malicious version of the app was submitted to the Google Play Store this year in July. However, researchers believe that this is just the testing phase for a lethal new campaign that will soon surface.

“We found that obfuscation efforts were only partially implemented within the app and that there were additional developments still occurring with its command-and-control (C2) server. We expect more heavily obfuscated distributions will be submitted in the future,” Lookout’s report read.

The researchers identified around 394 unique apps. These apps were targeted by the malicious fr.orange.serviceapp, and the Anubis client was traced to an as-yet underdeveloped crypto trading platform.

“While we can’t be certain whether the app has been used in a successful attack, we do know they are targeting U.S. banks including Bank of America, U.S. Bank, Capital One, Chase, SunTrust, and Wells Fargo,” Lookout’s threat researcher Kristina Balaam said.
