AnubisSpy

AnubisSpy is mobile malware targeting Android-powered devices, delivered via malicious apps that were once available on the official Google Play store. The malware is associated with the cyber-espionage group known as "Sphinx" or "APT-C-15." AnubisSpy is used to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on victims via apps installed on the device, including, but not limited to, Skype, WhatsApp, Facebook, and Twitter. Once the data has been collected, it is encrypted and sent to the malware's C2 server. AnubisSpy can also run commands, delete files on the device, install and uninstall APKs, and self-destruct.

Technical Details

  • Trend Micro provides technical analysis of the AnubisSpy malware here.