After it’s installed, the name of the app in the applications list will be “Video Player”, but the Anubis-patched variant is titled “Media Player”. One interesting case is with the “Media Player” application. If the user allows off-market installations, the app will continue to be loaded.įigure 2: warning to not install apps from unknown sourcesĪfter installing the fake applications, they will ask for full control over the device and, in some cases, ask for permission to record audio and manage the text messages. The first sign of a difference comes when a user gets a warning when trying to install the modified apps, because they are not sourced from the Google Play market. The third app shows how the malware authors have decided to use the current COVID-19 situation in their favor and distribute malware under the flag of a legit application. The three original apps shown are found on Google Play and are not malicious! The malicious ones are simply modified versions of the original ones with the added malware. Here below are three actual examples of the repackaged apps:įigure 1: the legit applications found in Google Play Trojan flying a false flag It’s a simple, but effective move: their novel packaging deal installs the original app and the Anubis banker on top of it. The Anubis strategy is to clone legit apps from Google Play, repackage the app along with their banking Trojan, and distribute it via third-party app markets. In addition, the malware can also take screenshots, take over text messaging, open URLs, and disable Google Play Protect. Not only does the victim get the app, they get a clever bit of malware that is ready to steal data and credentials from nearly 200 real banking and financial mobil apps that might be on their device. Anubis has a starring role in phishing and social engineering campaigns where victims are persuaded to download a real, certified app – but from outside the usual Google Play Store. The Anubis banking Trojan is back in action, ready to elbow out the newer Cerberus from the limelight.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |