Researchers have discovered a new Android malware named AnubiSpy targeting Arabic-speaking users in Middle East countries.
Trend Micro's Mobile Threat Response Team, which discovered the malware, has linked it to the 2014-15 cyber espionage campaign Sphinx, which was launched by APT-C-15 to target users in the Middle East.
Researchers said they found seven apps containing AnubiSpy malware in the Google Play store and in third-party app marketplaces. The apps were also signed with fake Google certificates.
“These apps were all written in Arabic and, in one way or another, related to something in Egypt (i.e., spoofing an Egypt-based TV program and using news/stories in the Middle East) regardless of the labels and objects in the apps. Our coordination with Google also revealed that these apps were installed across a handful of countries in the Middle East,” Trend Micro said in its blog post.
The malware is capable of stealing messages, photos, videos, contacts, email accounts, calendar events, and browser histories. It can also take screenshots and record audio, including calls.
It can also spy on the victim through certain apps listed in its updatable configuration file, which includes Skype, WhatsApp, Facebook, and Twitter.
Researchers said that the file structure, command-and-control server, JSON file decryption technique, and targets of the AnubiSpy malware resemble those of the Sphinx campaign, which used watering hole attacks to infect users with the njRAT trojan.
After the malware collects the data, it encrypts it and sends it to the C&C server. The malware has a self-destruct mechanism to cover its tracks and can also run commands, delete data on the device, and install or uninstall Android Application Packages (APKs).
The apps were developed as early as April 2015, and the latest version was released in May 2017.
Trend Micro researchers informed Google about the issue on October 12 and worked with Google to further analyze the malware. Updates were made to Google Play Protect to take appropriate action against apps that violated Google Play Policy.