Security researchers at Trend Micro have provided details about numerous malicious apps they discovered abusing Google short links to deliver command and control instructions. They identified 17,490 samples from two servers. Anubis was originally observed being used to conduct cyberespionage, but has since evolved to be used as banking malware.
It can reportedly steal a victim’s sensitive information, and it also has ransomware traits. It employs techniques, such as the use of motion-based sensors, to evade sandbox detection. The infection process begins once a user downloads a malicious app, which then accesses URLs to download the specified payload, receives commands from a command and control server, and ultimately steals the victim’s information.
Indicators of Compromise