The Android banking Trojan Zanubis has adopted a new disguise, posing as the official application of the Peruvian government organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), thereby tricking unsuspecting users.
Zanubis: The Android banking trojan
Discovered initially in August 2022, this malware focuses on Peruvian bank users and cryptocurrency holders, disguising itself as authentic Android applications. Zanubis manipulates users into granting Accessibility privileges, effectively relinquishing control of their devices.
What distinguishes Zanubis is its growing sophistication, as detailed in a recent Kaspersky report. This Trojan employs the Obfuscapk Obfuscator for Android APK archives, rendering it challenging to identify.
Upon infiltrating the victim’s device, it loads a genuine SUNAT website through WebView, effectively creating a facade of legitimacy. The Trojan establishes continuous communication with its controlling server via WebSockets and a library known as Socket.IO, ensuring connectivity even in challenging circumstances.
A concerning aspect of the Zanubis banking trojan is its adaptability. It can be remotely reconfigured to steal data from specific applications and establish a secondary connection, granting full control over compromised devices. It can also mimic an Android update, potentially disabling the device.
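The Accessibility-privilege request described above is visible during static triage, because an app must declare its accessibility service in its manifest. The following is an added example, not code from Kaspersky's report or from the malware; the manifest is constructed and its package and class names are hypothetical:

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
INTERNET = "android.permission.INTERNET"

# Constructed sample of a decoded AndroidManifest.xml (e.g. apktool output).
# Package and class names are hypothetical, not taken from any real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.taxportal">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Tax Portal">
    <activity android:name=".MainActivity"/>
    <service android:name=".a.b"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""

def accessibility_services(manifest_xml):
    """Return names of services the app registers as accessibility services."""
    root = ET.fromstring(manifest_xml)
    found = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        # The system ignores an accessibility service unless it both requires
        # BIND_ACCESSIBILITY_SERVICE and handles the AccessibilityService action.
        if svc.get(A + "permission") == BIND_PERM and A11Y_ACTION in actions:
            found.append(svc.get(A + "name"))
    return found

def triage(manifest_xml):
    """Summarise the combination an analyst should look at more closely."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    services = accessibility_services(manifest_xml)
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        # Heuristic only: legitimate apps can match; it marks what to review.
        "review": bool(services) and INTERNET in perms,
    }
```

A match is a prompt for manual review, for example of why an app presenting itself as a tax portal needs an accessibility service at all, not a verdict.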
In the same report, Kaspersky researchers highlight additional threats alongside Zanubis. Among these is AsymCrypt, a cryptor/loader specifically engineered to target cryptocurrency wallets.
Furthermore, researchers discussed Lumma stealer, formerly known as Arkei, which retains 46% of its original features. It disguises itself as a .docx to .pdf file converter and activates its payload when the files return with a double .pdf.exe extension. Lumma primarily focuses on crypto wallets, pilfering cached files, configuration files, and log files.
Tatyana Shishkova, Chief Security Researcher at Kaspersky’s GReAT, stressed the need for continuous vigilance and staying informed about ever-evolving threats.
“The dynamic nature of these threats, exemplified by Lumma and the Zanubis banking trojan, highlights the ever-evolving malware landscape,” she noted.
“Expert reports are crucial for staying informed about the latest malicious tools and attacker techniques, empowering us to maintain an edge in the continuous struggle for digital security.”
To mitigate financially motivated threats, Kaspersky suggests implementing preventive measures such as offline backups, utilizing ransomware protection tools, and adopting dedicated security solutions.
In the modern age, malware stands out as a prominent digital security threat, targeting devices with the intent to pilfer personal information or carry out unauthorized malicious activities.