AnubisSpy

Description

(Trend Micro) AnubisSpy can steal messages (SMS), photos, videos, contacts, email accounts, calendar events, and browser histories (i.e., Chrome and Samsung Internet Browser). It can also take screenshots and record audio, including calls. It can spy on the victim through apps installed on the device, a list of which is in its configuration file that can be updated. This includes Skype, WhatsApp, Facebook, and Twitter, among others.

After the data are collected, they are encrypted and sent to the (C&C) server. AnubisSpy can also self-destruct to cover its tracks. It can run commands and delete files on the device, as well as install and uninstall Android Application Packages (APKs).

AnubisSpy has several modules, each of which has a separate role. AnubisSpy’s code is well constructed, indicating the developer/s’ know-how.

Names

Name
AnubisSpy

Category

Malware

Type

• Backdoor
• Info stealer
• Exfiltration

Information

• https://blog.trendmicro.com/trendlabs-security-intelligence/cyberespionage-campaign-sphinx-goes-mobile-anubisspy/
• https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinx-goes-mobile-with-anubisspy.pdf

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/apk.anubisspy

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:anubisspy

Other Information

Uuid

808cf3ae-bce9-40a5-a4e9-14bb9c1c8424

Last Card Change

2020-05-21