Anubis Android trojan spotted stealing PayPal credentials and locking devices
- The Anubis trojan encrypts all the files on an external medium and locks the infected device with a black screen.
- The Anubis trojan comes with a device lock feature that attempts to lock compromised devices. However, Stefanko was able to circumvent it.
What is the issue - A security researcher named Lukas Stefanko spotted the Anubis Android trojan, which steals PayPal credentials.
Why it matters - The trojan encrypts all the files on an external medium and locks the infected device with a black screen.
More details on the trojan
Lukas Stefanko spotted the Anubis trojan disguised as an Android application that was available for download in the Google Play Store.
“Crypto-Banking Ransomware found on Google Play. Once it lured my PayPal credentials it encrypted my files on external medium and locked my device with black screen. #Anubis,” Stefanko tweeted.
- Once the Anubis Android trojan is dropped onto the compromised device, it starts collecting banking credentials.
- The trojan collects credentials by taking screenshots when users enter their credentials into apps.
- It then encrypts all the files, appends the .AnubisCrypt extension to them, and locks the device with a black screen.
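The following triage sketch is an added example, not code from the article or from Stefanko's analysis. It walks a copy of a device's external storage and summarises the files carrying the .AnubisCrypt extension described above. The function names, the sample tree and the premise that the storage has already been copied to a local directory are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

SUFFIX = ".AnubisCrypt"  # extension named in the article


def triage(root):
    """Walk a copied storage tree and summarise files carrying the suffix."""
    hits, per_dir, times = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SUFFIX):
                continue
            path = Path(dirpath) / name
            original = name[: -len(SUFFIX)]  # the suffix is appended, so strip it
            hits.append({
                "path": str(path.relative_to(root)),
                "original_name": original,
                # True if a file with the original name still sits beside it
                "original_present": (Path(dirpath) / original).exists(),
            })
            per_dir[str(Path(dirpath).relative_to(root))] += 1
            times.append(path.stat().st_mtime)
    # Earliest and latest modification times bound when the files were written
    window = (min(times), max(times)) if times else None
    return {"hits": sorted(hits, key=lambda h: h["path"]),
            "per_dir": dict(per_dir), "mtime_window": window}


def build_sample(root):
    """Constructed sample tree standing in for a copy of external storage."""
    root = Path(root)
    (root / "DCIM").mkdir()
    (root / "Download").mkdir()
    for rel in ("DCIM/a.jpg.AnubisCrypt", "DCIM/b.jpg.AnubisCrypt",
                "Download/notes.txt.AnubisCrypt", "Download/notes.txt",
                "Download/clean.pdf"):
        (root / rel).write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        for hit in report["hits"]:
            print(hit)
        print(report["per_dir"], report["mtime_window"])
```

The modification-time window is only meaningful if the copy preserved the original timestamps.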
The Anubis trojan comes with a device lock feature that attempts to lock compromised devices. However, Stefanko was able to circumvent it.
“I could bypass it, and it doesn't request ransom - maybe a bad implementation,” Stefanko told BleepingComputer.
Worth noting - Even though the Anubis-infected app that was available in the Google Play Store does not have many installs, the app comes with 4 stars and 90 ratings.
These positive ratings could allow the app to gain popularity over a period of time. However, a Google spokesperson confirmed that the app is no longer available in the Google Play Store.