Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

File Type.apk
This box: view  talk  edit

Anubis is a trojan that steals PayPal credentials, encrypts files from the device's external storage, and locks the screen using a black screen. It disguises itself as a application. 


Behind the app's malicious behavior is an Anubis payload, a well-known Trojan designed to steal banking credentials, provide its masters with a RAT backdoor, and send SMS spam among other things.

Once Anubis is dropped by a malware downloader on a victim's compromised device, it starts collecting banking info either with the help of an inbuilt keylogger module or by taking screenshots when the user inserts credentials into apps, unlike other banking Trojans known to use overlay screens for the same task.

Anubis infected apps in the Play Store during August 2018, with the capability to encrypt files using an .Anubiscrypt file extension —the same extension the malware found by Stefanko used to encrypt his documents.