Beware Of The Evolution Of The Zanubis Banking Trojan, Which Can Disguise Itself As A Legitimate Application
The evolution of the Zanubis Banking Trojan (photo: Kaspersky)

JAKARTA - Kaspersky experts have analyzed the latest campaign conducted by Zanubis, a banking Trojan known for its ability to disguise itself as a legitimate app.

Zanubis, an Android banking trojan, emerged in August 2022, targeting financial and crypto users in Peru. It impersonates a legitimate Peruvian Android app and tricks users into granting Accessibility permissions, which hands control of the device to the malware.

Then, in April 2023, Zanubis evolved, posing as an official application of Peru's SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria) government organization, which showed an increase in the sophistication of this trojan.

To communicate with its controlling server, it uses WebSockets and a library called Socket.IO. This allows it to adapt and stay connected even when there are connection problems.

Unlike other malware, Zanubis doesn't have a fixed list of target apps. Instead, it can be remotely programmed to steal data when certain apps are running.

The malware even creates a second connection, which can give cybercriminals full control over the user's device. Worst of all, it can disable the user's device by pretending to be an Android update.

"Cybercriminals will not stop pursuing monetary gain; they are now increasingly penetrating the world of crypto assets, and even posing as government agencies to achieve their goals," said Tatyana Shishkova, the top security researcher at GReAT, in a statement received on Monday, October 2.

To protect against this ever-evolving threat, Tatyana appealed to organizations to remain vigilant and stay sufficiently informed.

