HackRead

AnubisSpy Malware: Stealing photos, videos & spying on Android users

December 20th, 2017, by Waqas (Security, Android, Malware)

Android devices seem to be hackers' most preferred target, as there have so far been multiple incidents involving malware, ransomware and cryptocurrency miner apps designed to infect Android devices. Now, security experts have identified a new Android malware that has been dubbed AnubisSpy.

This particular malware targets Arabic-speaking users, and its primary target region seems to be the Middle East. Researchers have linked it to the Sphinx cyberespionage campaign, which was discovered in 2014-15 and launched by the APT-C-15 group, mainly because that campaign also targeted users across the Middle East.


The malware was discovered by Trend Micro’s Mobile Threat Response Team, and their findings were disclosed on December 19th. According to their research, AnubisSpy is equipped with wide-ranging data-stealing capabilities and can also spy on the user’s activities.

Trend Micro’s team assessed seven apps on Google Play and third-party marketplaces and found that they contained AnubisSpy. These apps were written in Arabic and were related to Egypt; some, for example, showcased Middle Eastern news and an Egyptian television show. The apps had fake Google certificates and were installed only in a handful of countries.

“The apps mainly used Middle East-based news and sociopolitical themes as social engineering hooks and abused social media to further proliferate. Versions of AnubisSpy posed as social news, promotional, healthcare, and entertainment apps,” explained Trend Micro’s researchers in their blog.

Structure of AnubisSpy’s modules (Image: TrendMicro)

AnubisSpy can steal SMS messages, contacts, photos, videos, email accounts, and Samsung and Chrome internet browser histories. It can also capture screenshots and configuration files of Twitter, Facebook, Skype and WhatsApp, which makes it capable of spying on these apps. It can also self-destruct to hide its tracks and delete the data on infected devices.

The file structures, JSON file decryption method, C&C server, and targets bear a stark resemblance to the Sphinx campaign. It is possible that the authors of the AnubisSpy malware are also the operators of the Sphinx campaign, or they might be other actors.

As for the malicious apps, researchers stated that they had been launched since April 2015 and that their latest variant was released in May 2017. Trend Micro contacted Google about the presence of the malicious apps on 12 Oct 2017 and requested that it update Google Play Protect.

“While cyber espionage campaigns on mobile devices may be few and far between compared to ones for desktops or PCs, AnubisSpy proves that they do indeed occur, and may have been more active than initially thought,” noted Trend Micro researchers.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
