The BRATA malware campaign on Android wasn’t enough to make users of the green robot worry. It seems that Anubis banking malware has also returned on apps related to banking institutions around the world, cryptocurrencies wallets and virtual payment platforms.
As Bleeping Computer initially reported by Lookout experts, Anubis would target customers from around 400 financial institutions globally. The campaign is currently affecting mainly French users, i.e. customers of the Orange SA telephone operator.
The spread would, of course, take the form of false versions of ‘official’ applications, which are shown to the public on third-party stores of applications or through web portals that invite the user to download this app to access the platform data.
In doing so, the bank trojan Anubis tries to steal sensitive data from the wrongdoer and, in the worst cases, infiltrates the device by monitoring SMS, recording the screen, extracting files and also collecting GPS data. The permissions that it gets after installation are multiple, but there is an important detail not to underestimate: to get access to the device, the virus first sends a false system warning asking for the decommissioning of Google Play Protected, service of Big G
In other words, users will have more ways to avoid Anubis: the most immediate concerns the blocking of third-party applications and paying attention to websites that you visit. In the event, however, the target installs the infected l’app, the last chance not to be infected will be the said system warning. At present, Anubis seems to have spread more widely between France and the United States, but it is not to be excluded that it is returning to the country in the applications of the main banking institutions. As always, our advice is to be extremely vigilant during online activity, especially from smartphones.
Staying in the Android world, just a few days ago the Play Store filled with gift content.