Security researchers at Trend Micro have provided details about numerous malicious apps they discovered abusing Google short links for command and control instructions. They identified 17,490 samples from two servers. Anubis was originally observed being used to conduct cyberespionage, but has since evolved to be utilized as banking malware.

It reportedly possesses the ability to steal a victim’s sensitive information, as well as containing ransomware traits. It employs techniques, such as the use of motion based sensors, to evade sandbox detection. The infection process begins once a user downloads a malicious app, which then accesses URLs to download the specified payload, receives commands from a command and control server, ultimately stealing the victim’s information.

Further details – https://blog.trendmicro.com/trendlabs-security-intelligence/anubis-android-malware-returns-with-over-17000-samples/

Indicators of Compromise

SHA256:

• 9046270d735579bcedb6bb7c0a2ad21f9b5ef9432e46e733b36de964aecd3abc
• 6079af3bab8bb0ba445cd0dd896d8c8d7845da3757755b4ef3af584d227e0490
• 1acca6953081cfc12d5cbeda1990b93b3298b1adc3c6ffad624e454f5854736f
• f767baadda60c618d7e14461831e7371a54cdf152b1fd5eb52a8aa4bb7300227

URLs:

• http://demo.website.com/
• http://ktosdelaetskrintotpidor.com
• http://marksteylor.us/
• http://sositehuypidarasi.com
• https://blackleaf.top
• https://firstdoxed.space
• https://lskbfidsbvkjsfgakfjsdffsdfupdate.net
• https://lskbfidsbvkjsfgakfjsdffsdfupdate.net/o1o/a16.php
• https://ndudetto.top
• https://playclints1.space
• https://sositehuypidarasi.com
• https://t.me/newpaparoni
• https://t.me/thethe123
• https://t.me/unite11