In December 2017, malware researchers came across several apps that were published on Google Play and third-party app stores.
The apps had surveillance capabilities. Because of the name of the malware’s payload, watchdog, the researchers named the apps AnubisSpy.
Anubis Android Malware Back in New Campaigns
What’s happening in 2019? It appears that security researcher Lukas Stefanko came across an Android app which can steal PayPal credentials and can encrypt files from the device’s external storage. The malicious app can also lock the screen of the device, and it appears that what’s hidden behind the app is the well-known Anubis malware.
The latest Anubis campaigns are targeting banking information with the help of an inbuilt keylogger module or by taking screenshots of the user’s credentials. This is an interesting capability, since most banking Trojans for Android typically rely on overlay screens to obtain users’ credentials.
This is not the first time researchers have detected Anubis samples with ransomware capabilities. Sophos researchers detected Anubis-infected apps in the Google Play Store which encrypted files and used the .Anubiscrypt file extension. This is the same extension detected in the latest Anubis-carrying campaigns.
Some security experts believe that the latest app discovered by Stefanko is in fact a copy of another Android app. Another researcher, Nikolaos Chrysaidos, says that Anubis is currently being distributed via a multitude of other apps that are still found in the Play Store.
What to do if you’re infected with the Anubis Android Trojan?
We’ve prepared a separate article which gives further information about the app that has been serving the Anubis malware.
Keep in mind that for the removal of this app, a simple uninstall may not be enough. You will need to make sure that your phone is clear of any form of virus and remains protected against future infections.
The .AnubisCrypt ransomware (https://sensorstechforum.com/anubiscrypt-files-android-ransomware-remove/) should be fully gone with all its files and objects.
It is a good idea to move all your contacts and files to a computer, where you can try to fix them if a decryption tool comes out. Until then, you can simply do a hard reset of your device and change all your financial information and passwords used for all your apps.