AnubisSpy Malware: Stealing photos, videos & spying on Android users

Haythem Elmir

Android devices appear to be a preferred target for attackers: there have already been multiple incidents involving malware, ransomware and cryptocurrency-miner apps built to infect them. Now, security researchers have identified a new Android malware, dubbed AnubisSpy.

This particular malware targets Arabic-speaking users, and its primary area of operation appears to be the Middle East. Researchers have linked it to the Sphinx cyberespionage campaign, which was discovered in 2014-15 and attributed to the APT-C-15 group, mainly because that campaign also targeted users across the Middle East.


The malware was discovered by Trend Micro’s Mobile Threat Response Team, whose findings were disclosed on December 19th. According to their research, AnubisSpy has wide-ranging data-stealing capabilities and can also spy on the user’s activities.

Trend Micro’s team assessed seven apps on Google Play and third-party marketplaces and found that they contained AnubisSpy. The apps were written in Arabic and had an Egyptian connection; for example, some presented Middle Eastern news or an Egyptian television show. The apps carried fake Google certificates and were installed in only a handful of countries.

“The apps mainly used Middle East-based news and sociopolitical themes as social engineering hooks and abused social media to further proliferate. Versions of AnubisSpy posed as social news, promotional, healthcare, and entertainment apps,” explained Trend Micro’s researchers in their blog.

AnubisSpy can steal SMS messages, contacts, photos, videos, email accounts, and Samsung and Chrome browser histories. It can also capture screenshots and the configuration files of Twitter, Facebook, Skype and WhatsApp, which lets it spy on activity in those apps. Finally, it can self-destruct to hide its tracks and delete the data on infected devices.

The file structures, JSON file decryption method, C&C server and targets bear a strong resemblance to the Sphinx campaign. The authors of AnubisSpy may be the same operators behind the Sphinx campaign, or they may be a different group of actors.
