Zanubis is a banking Trojan for Android that targeted banks, virtual cards, and crypto wallets in Peru, abusing accessibility permissions to steal banking data and credentials.
The malware evolved in functionality and obfuscation methods, continuously refining its code, encryption algorithms, and social engineering tactics for a broader impact.
Initially targeting financial institutions in Peru, Zanubis expanded its reach and capabilities over time, including overlay-based attacks and data exfiltration.
New versions of Zanubis introduced significant obfuscation, including the use of Obfuscapk, and integrated features like keylogging, screen recording, SMS interception, and fake system update blocks.
In 2024, newer variants of Zanubis focused on reinforcing encryption, stealing device credentials, and expanding their target list to include virtual card providers and cryptocurrency wallets.
2025 saw further updates with new distribution tactics, deceptive strategies, silent installations, and a refined focus on targeting banks and financial institutions exclusively.
Attributed to threat actors possibly based in Peru, Zanubis continues to pose a significant threat, emphasizing the importance of vigilance and awareness in combating evolving malware.
The malware's continuous evolution and adaptability highlight the need for proactive measures to mitigate risks and safeguard against sophisticated cyber threats.
Users and organizations are urged to stay informed, implement robust security measures, and remain vigilant in the face of evolving malware threats like Zanubis.