Kaspersky Finds New Version Of Zanubis Trojan, Disguised As Invoice Verification Tool

JAKARTA - The Kaspersky Global Research and Analysis Team (GREAT) found a new version of Zanubis' mobile banking trojan targeting users in Peru.

When Zanubis first appeared in 2022, he imitated a PDF reader or an application of Peru's government organization, and now in 2025 he disguises himself as two new apps, one owned by a local company in the energy sector and the other owned by a local bank.

With advanced social engineering techniques, users are persuaded to download and install this fake app, which steals credentials and banking keys from digital or crypto wallets.

In this new version, global cybersecurity firm Kaspersky detected more than 130 victims in the latest operation, and about 1,250 since the malware monitoring began.

On smartphones running Android, apps can be installed from various stores, but apps can also be installed directly from APK files without going through the store.

The app pretends to be a fake invoice verification tool, which requires users to install it and enter their customers' information to check various unpaid invoices.

Meanwhile, when imitating the bank, the victim was tricked into downloading malware under the guise of instructions from a fake bank consultant.

Once the user downloads and launches one of APK's described files, the screen will appear with a fake organization logo to cheat, stating that the inspection is ongoing.

Kaspersky predicts that the threat perpetrator behind Zanubis may be operating from Peru. Because, there is a consistent use of Latin American Spanish in the code.

Zanubis has shown a clear evolution. It is very important for individual and enterprise users to remain vigilant and increase their level of digital literacy," said Leandro Cu Way, Security Researcher at Kaspersky's Global Research and Analysis Team.