Anubis is mobile malware targeting Android-powered devices, delivered via malicious apps that were once available on the official Google Play store. The malware is associated with the cyber-espionage group known as "Sphinx" or "APT-C-15." Anubis is used to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on victims via apps installed on the device, including, but not limited to: Skype, WhatsApp, Facebook, and Twitter. Once the data has been collected, it is encrypted and sent to its C2 server. Anubis can run commands, delete files on the device, install and uninstall APKs, and has the ability to self-destruct.

Technical Details

  • Trend Micro provides technical analysis of the Anubis malware here.

  • January 2019: Anubis was found in two apps in the Google Play store, one advertised as a currency converter and the other as a power saver. Anubis uses the device’s sensors to avoid detection. (Trend Micro)