Anubis Android Malware

Security researchers at Trend Micro have published details of numerous malicious apps they discovered abusing Google short links to retrieve command-and-control instructions. They identified 17,490 samples across two servers. Anubis was originally observed in cyberespionage campaigns, but has since evolved into banking malware.

It reportedly has the ability to steal a victim’s sensitive information and also exhibits ransomware traits. To evade sandbox detection, it employs techniques such as reading motion-based sensors. The infection process begins once a user downloads a malicious app; the app then accesses URLs to download the specified payload, receives commands from a command-and-control server and ultimately steals the victim’s information.

Further details – https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/

Indicators of Compromise

SHA256:

  • 9046270d735579bcedb6bb7c0a2ad21f9b5ef9432e46e733b36de964aecd3abc
  • 6079af3bab8bb0ba445cd0dd896d8c8d7845da3757755b4ef3af584d227e0490
  • 1acca6953081cfc12d5cbeda1990b93b3298b1adc3c6ffad624e454f5854736f
  • f767baadda60c618d7e14461831e7371a54cdf152b1fd5eb52a8aa4bb7300227


Jason Davies

UK-based technology professional with an interest in computer security and telecoms.
