The banking Trojan 'Zanubis' has been further developed and poses as an official app of the Peruvian government organization SUNAT.
The Android banking Trojan Zanubis first appeared in August 2022 and initially targeted financial and crypto app users in Peru. It posed as a legitimate Android app to trick users into granting access permissions. In April of this year, those behind the malware went a step further and disguised Zanubis as an official app from the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria). The Trojan is obfuscated using Obfuscapk, a popular obfuscator for Android APK files. Once it has been granted permission for device access, it loads a legitimate SUNAT website in a WebView, thereby misleading the victim.
Attackers have full control over the infected device
Zanubis uses WebSockets and the Socket.IO library to communicate with the server. This allows the Trojan to adapt to the prevailing circumstances and to maintain the connection even if technical problems arise. Zanubis does not have a fixed list of apps that it targets; instead, it can be remotely programmed to steal data when specific apps are running. In addition, the Trojan creates a second connection that allows the cybercriminals to gain full control of a specific device, and, disguised as an Android update, it is able to completely disable it.
More at Kaspersky.com
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/