Cyber-attack on Financial Apps
Hundreds of financial applications are being targeted by a threat campaign featuring a new strain of the Anubis Android banking trojan malware.
Researchers observed the banking malware masquerading as an account management application created by France's largest telecommunications company, Orange S.A., to target customers of nearly 400 financial institutions, virtual payment platforms, and crypto-currency wallets.
Victims of Anubis suffer their personal data’s being exfiltrated from their mobile device then exploited for financial gain. The malware accesses victims' information by intercepting SMSs, keylogging, GPS data collection, file exfiltration, screen monitoring, and abusing the accessibility services of a device.
This latest distribution of Anubis can record a device's screen activity and sound from its microphone, capture screenshots, retrieve contacts and send mass SMS messages to specified recipients, and submit USSD code requests to query bank balances. It can also lock the screen of a device and cause a ransom note to be displayed.
The malicious app, with a package name of 'fr.orange.serviceapp', landed in the Google Play store at the end of July 2021. Lookout's researchers believe its creators sought to test Google's antivirus capabilities.
To disguise the criminal