The Anubis malware is back on the Google Play Store and still wants your money!
After a first hit in the summer of 2018, the Anubis malware is back on the Google Play Store. It was Sophos who discovered the malware and warned Google who then reacted by removing thirty applications from its Android market.
But Anubis has a hard tooth and returns in new forms, still distributed within trusted applications in the Google play store.
The malware is like a Trojan horse: it masquerades as an application to calculate taxes, convert currencies, text editors, games But in fact its purpose is always the same, infect the smartphone of its target and start downloading the second part of Anubis from a remote server. This part is the most dangerous.
Once downloaded and installed, Anubis waits patiently for the user to launch their banking application or a payment app like Paypal or a merchant application like Amazon or eBay. Anubis then opens a fake information box on top of the application. question to try to recover your credentials and bank details.
But it’s not just on Android that Anubis is wreaking havoc, It’s also now widely available on Twitter and Telegram via messages containing malicious pieces of code. Sophos has already pointed to some accounts that spread the malware but there is no indication that all have been deleted or that others will not appear in the future, especially since some accounts also share these malicious codes in spite of themselves.