Banking Trojan Zanubis disguises itself as a government app

27 October 2023
| No comments
Kaspersky_news

Share post

The banking Trojan 'Zanubis' has been further developed and poses as an official app of the Peruvian government organization SUNAT.

The Android banking Trojan Zanubis first appeared in August 2022 and initially targeted financial and crypto app users in Peru. He posed as a legitimate Android app to trick users into granting access permissions. In April of this year, those behind the malware went a step further and disguised Zanubis as an official app from the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria). The Trojan is obfuscated using Obfuscapk – a popular obfuscator for Android APK files. Once he gets permission for device access, he loads a legitimate SUNAT website using WebViewer, thereby misleading the victim.

Attackers have full control over the infected device

Zanubis uses WebSockets and the Socket.IO library to communicate with the server. This allows the Trojan to adapt individually to the prevailing circumstances and maintain the connection even if technical problems arise. Zanubis does not have a fixed list of apps that it targets, but can steal data when specific apps are running through remote programming. In addition, the Trojan creates a second connection, allowing cybercriminals to gain full control of a specific device and, disguised as an Android update, is able to completely disable it.

More at Kaspersky.com

 

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more

Short news
, , , ,