July 9, 2019 By David Bisson 2 min read

Security researchers uncovered more than 17,000 samples of the Anubis Android malware family stored on two related servers.

While tracking the activity of the Android malware, Trend Micro came across two related servers that contained 17,490 samples of Anubis. After analyzing two of the samples, the researchers found that they requested certain URLs and parsed an XML file to download a malicious app. Anubis then used that malicious app to target 188 banking- and finance-related apps, the vast majority of which were based in Poland, Australia, Turkey and Germany.

In its analysis, Trend Micro found two labels in the samples — Operatör Güncellemesi (which means “Operator Update” in Turkish) and Google Services — and reasoned that Anubis’ handlers likely use the labels as social engineering lures. Even so, those samples bearing one label over the other had slightly different routines. For instance, the analysts needed to unpack variants with the Google Services label before they could access their information-stealing capabilities. They didn’t need to perform this step for variants that arrived with the Operatör Güncellemesi label.

Yet Another Anubis Malware Sighting

In July 2018, IBM X-Force reported that several developers had uploaded downloaders for Anubis and other Android malware to the Google Play store. The following January, Trend Micro discovered two additional apps on Google Play that contained the malware. In both instances, Anubis exploited motion sensor data as a means of evasion.

News of this campaign arrived just a few months before Bleeping Computer reported on a new variant of Anubis that contained a ransomware module.

How to Defend Against Android Malware

The most basic way to help defend against Android malware like Anubis is to follow mobile best security practices, such as keeping devices current with the latest updates and limiting app installations on corporate devices to work-related programs created by trusted developers on official marketplaces. Solutions that leverage artificial intelligence can also help increase the accuracy of manual mobile threat analysis on a large scale.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today