Anubis is a trojan that steals PayPal credentials, encrypts files from the device's external storage, and locks the screen using a black screen. It disguises itself as a application.
Behind the app's malicious behavior is an Anubis payload, a well-known Trojan designed to steal banking credentials, provide its masters with a RAT backdoor, and send SMS spam among other things.
Once Anubis is dropped by a malware downloader on a victim's compromised device, it starts collecting banking info either with the help of an inbuilt keylogger module or by taking screenshots when the user inserts credentials into apps, unlike other banking Trojans known to use overlay screens for the same task.
Anubis infected apps in the Play Store during August 2018, with the capability to encrypt files using an .Anubiscrypt file extension —the same extension the malware found by Stefanko used to encrypt his documents.