Anubis malware is creating havoc in the Android ecosystem, with as many as 250 apps on its target list. Researchers at the security firm Cofense analysed a phishing campaign that delivers it and documented capabilities ranging from complete takeover of an Android device and theft of user credentials to outright ransomware. The credential theft is an overlay attack: Anubis draws its own login screen on top of the targeted app's real login screen and captures whatever the user types, and the stolen credentials are then used to plunder the personal and financial information behind those accounts.
The malware is distributed as an APK file that is sideloaded rather than installed from Google Play. Android refuses to install a package with no signature at all, so an "unsigned" APK in this context means one signed with the attacker's own key rather than by a trusted publisher. When launched, it displays a fake Google Play Protect screen to look legitimate while disabling the genuine Play Protect, which would otherwise warn about or block the sideloaded package. With that defence out of the way, the attackers are free to control the compromised handset.
Banking and financial apps are Anubis' main targets, but popular apps such as Facebook, eBay, and Amazon are also overlaid to capture user credentials. Its capabilities range from the relatively trivial, such as capturing screenshots and opening URLs, to far more dangerous actions such as changing device administrator settings. There have been instances where Anubis has morphed into ransomware, encrypting the device's data on both internal and external storage with the RC4 stream cipher. It runs on Android versions as far back as 4.0.3 (Ice Cream Sandwich), so a very wide range of handsets falls under its umbrella.
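To make the ransomware behaviour concrete, here is RC4 written out in Python with two constructed victim "files". This is an added example for this page, not Anubis code: the key, the file contents and the decryption and recovery helpers are constructed for illustration, and the keystream-reuse demonstration assumes the malware reuses one key across files, which the text above does not state. It shows two things a practitioner wants to know about RC4-based ransomware: decryption is the same operation as encryption once the key is recovered from the sample or its traffic, and if a key is reused, a file with a known header reveals the same-length prefix of every other file even without the key.

```python
# RC4 stream cipher, written out to show what "encrypting storage with RC4"
# amounts to. Added example for this page; not Anubis code. The key and the
# sample file contents are constructed, and the keystream-reuse part assumes
# one key is used for more than one file.


def rc4_keystream(key: bytes):
    """Generator yielding RC4 keystream bytes for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                                # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: RC4 is symmetric, so the same call does both."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_prefix(known_plain: bytes, known_cipher: bytes, target_cipher: bytes) -> bytes:
    """Keystream reuse: when two files share a key, c1 XOR c2 == p1 XOR p2, so a
    file whose start is known (a standard header) leaks the other file's prefix."""
    keystream = xor_bytes(known_plain, known_cipher)
    return xor_bytes(keystream, target_cipher)


# Constructed sample "files" on the victim's storage.
KEY = b"constructed-key"                                # assumption: one key reused
JPEG_HEADER = bytes.fromhex("ffd8ffe000104a464946")     # standard JPEG/JFIF start
PHOTO = JPEG_HEADER + b"\x01\x02\x03" * 4
NOTES = b"bank login: alice / hunter2"

ENC_PHOTO = rc4(KEY, PHOTO)
ENC_NOTES = rc4(KEY, NOTES)


def decrypt_with_key(cipher: bytes) -> bytes:
    """What a decryptor does once the key is pulled from the sample or its C2 traffic."""
    return rc4(KEY, cipher)


def leaked_notes_prefix() -> bytes:
    """Without the key: the photo's known 10-byte header leaks the first 10 bytes of NOTES."""
    return recover_prefix(JPEG_HEADER, ENC_PHOTO[:len(JPEG_HEADER)], ENC_NOTES)


if __name__ == "__main__":
    print(decrypt_with_key(ENC_NOTES))
    print(leaked_notes_prefix())
```

The practical consequence for incident response: a sample that embeds or receives a fixed RC4 key is fully reversible, and even when the key is not available, known file formats on the device give a foothold against any files that were encrypted with the same key.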
Such is Anubis' reputation that several spin-offs built on its source code have already emerged in criminal circles; one prevalent customised offering is the mobile banking malware Ginp. Although not enough information is public to determine the full range of attack vectors, it is fair to assume that Anubis' capabilities threaten enterprise and corporate environments as much as individual users. With bring-your-own-device policies now the norm and work email accounts configured on personal phones, a full-blown Anubis infection could easily reach into the fragile security framework of many corporate establishments and cause havoc there.
Alongside the overlay functionality, the same phishing campaign can push a powerful keylogger onto the device, which captures keystrokes in virtually every app installed on it and can be switched on and off remotely at the attacker's command. Anubis also keeps getting more robust: it uses the phone's motion sensors to tell a real handset in a user's hand from an analysis sandbox or emulator that never moves, and stays dormant in the latter so that it is not detected.
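The overlay, keylogger, device-administrator and fake Play Protect behaviour described above each leave a footprint in an APK's manifest: overlays need SYSTEM_ALERT_WINDOW, a keylogger that reads every app's input needs an accessibility service, changing administration settings needs a device-admin receiver, and a fake Play Protect needs Google branding on a non-Google package. The following Python triage script scores a manifest for that combination. It is an added example for this page, not Cofense's or AppSealing's tooling; the weights, the threshold and both manifests are constructed, and a real pipeline would first pull AndroidManifest.xml out of the APK with a decoder such as apktool, which is assumed here.

```python
# Static triage of an AndroidManifest.xml for the Anubis-style capability set:
# overlay permission, accessibility service, device-admin receiver, SMS access
# and Google Play Protect branding on a package that is not Google's.
# Added example, not Cofense's or AppSealing's code. Weights, threshold and
# both sample manifests are constructed for illustration.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"
A_LABEL = f"{{{ANDROID_NS}}}label"

# Assumed weights: any one permission alone stays below the threshold, while
# the overlay + accessibility + device-admin combination crosses it.
PERMISSION_WEIGHTS = {
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay windows (fake login screen)", 3),
    "android.permission.RECEIVE_SMS": ("intercept incoming SMS (one-time codes)", 2),
    "android.permission.READ_SMS": ("read stored SMS", 1),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("write external storage (file encryption)", 1),
}
SUSPICIOUS_THRESHOLD = 6


def triage_manifest(manifest_xml: str) -> dict:
    """Return findings, a score and whether the manifest crosses the threshold."""
    root = ET.fromstring(manifest_xml)
    findings, score = [], 0

    for perm in root.iter("uses-permission"):
        entry = PERMISSION_WEIGHTS.get(perm.get(A_NAME))
        if entry:
            findings.append(entry[0])
            score += entry[1]

    app = root.find("application")
    if app is not None:
        # An accessibility service is what a keylogger binds to; it can also
        # auto-click through the permission prompts the malware needs.
        for svc in app.iter("service"):
            if svc.get(A_PERMISSION) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
                findings.append("accessibility service (keylogging, auto-clicking prompts)")
                score += 3
        # A device-admin receiver lets the app change administrator settings
        # and makes it harder to uninstall.
        for rcv in app.iter("receiver"):
            if rcv.get(A_PERMISSION) == "android.permission.BIND_DEVICE_ADMIN":
                findings.append("device administrator receiver (admin settings, resists uninstall)")
                score += 2
        label = (app.get(A_LABEL) or "").lower()
        pkg = root.get("package") or ""
        if "play protect" in label and not pkg.startswith("com.google."):
            findings.append("impersonates Google Play Protect")
            score += 3

    return {"findings": findings, "score": score, "suspicious": score >= SUSPICIOUS_THRESHOLD}


# Constructed manifest resembling what the text describes.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeprotect">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Google Play Protect">
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Notes"/>
</manifest>"""


if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

A manifest score is a triage signal, not a verdict: legitimate accessibility tools and MDM agents declare some of these components too, which is why the example scores the combination rather than any single permission.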
To prevent mishaps of this scale, mobile security best practices must be followed without fail. Amid the flood of productivity hacks and sundry apps it is tempting to install apps without a second thought, but a few habits go a long way: keep the device's operating system updated, keep third-party app installations to a minimum, install apps only from the official marketplace and never from an untrusted website, and check an app's requested permissions and behaviour before installing it. Developers should follow AppSealing's guide to addressing the OWASP Mobile Top 10 risks.
AppSealing provides the app security framework that such a malware-ridden environment demands. It lets developers apply scalable security protections to their application within minutes, without writing any code. Its RASP feature protects the app's integrity at runtime: it detects network packet sniffing tools, cheat tools and debuggers, and blocks untrusted apps from accessing your app's memory and code. A dashboard provides on-the-go threat analytics so that you can make decisions quickly. Use AppSealing today and prioritise app security like never before!