A new Android banking trojan called Zanubis has emerged, posing as a legitimate app from the Peruvian government. This deceptive tactic is aimed at tricking unsuspecting users into installing the malware, which then gains control over their device. Here's what you need to know about this emerging threat.
Infection Path and Target:
Zanubis primarily infiltrates devices by impersonating genuine Peruvian Android applications. Once installed, it tricks users into enabling Accessibility permissions, effectively granting the trojan full control over the device. This malicious software is particularly notorious for its focus on the Latin American region, with over 40 banks and financial entities in Peru falling prey to its attacks.
Functionality and Capabilities:
Once installed, Zanubis abuses the granted Accessibility permissions to overlay fake screens on top of legitimate apps, attempting to steal sensitive information like credentials. Additionally, it has the ability to harvest contact information, compile lists of installed apps, and gather system metadata.
Clever Disguise:
Recent samples of Zanubis, observed in April 2023, have adopted the identity of the Peruvian customs and tax agency, known as Superintendencia Nacional de Aduanas y de Administración Tributaria (SUNAT). By using Android's WebView to load the genuine SUNAT website, the trojan creates a convincing facade of legitimacy.
Stealthy Operations:
Zanubis maintains a connection to an attacker-controlled server and receives commands over WebSockets. It monitors which apps are opened on the device and compares them against a predefined list of targets; on a match, the trojan logs keystrokes or records the screen to capture sensitive data.
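The capabilities described above (Accessibility control, contact harvesting, enumerating installed apps, network access for command and control) all leave traces in an APK's decoded manifest. The following triage script is an added example, not code from the original article or from any Zanubis sample: it scans a decoded AndroidManifest.xml for that capability profile. The permission names are standard Android identifiers; which of them a real sample requests, and the sample manifest embedded below, are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permissions that map onto the behaviour described for Zanubis.
# Assumption: a sample asks for these; real samples may differ.
INDICATORS = {
    "android.permission.INTERNET": "network access (command and control)",
    "android.permission.READ_CONTACTS": "contact harvesting",
    "android.permission.QUERY_ALL_PACKAGES": "enumerating installed apps",
    "android.permission.SYSTEM_ALERT_WINDOW": "drawing overlays on other apps",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml: str) -> dict:
    """Return matched indicators, whether an AccessibilityService is declared, and a score."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    hits = {perm: why for perm, why in INDICATORS.items() if perm in requested}
    # Accessibility control is obtained by declaring a service guarded by this permission;
    # the user then has to enable it in settings, which is the step the lure pushes for.
    accessibility = any(
        s.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND for s in root.iter("service")
    )
    return {
        "indicators": hits,
        "accessibility_service": accessibility,
        "score": len(hits) + (2 if accessibility else 0),
    }


# Constructed sample manifest (placeholder package, not from a real sample), in apktool's decoded form.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Placeholder">
    <service android:name=".A11yService" android:exported="true"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    for perm, why in result["indicators"].items():
        print(f"{perm}: {why}")
    print("accessibility service declared:", result["accessibility_service"], "score:", result["score"])
```

A high score on an app that claims to be a government or banking service is a reason to look closer at the accessibility service's configuration and network code, not proof of malice on its own.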
Unique Threat:
What sets Zanubis apart is its ability to mimic an Android operating system update, rendering the device effectively unusable. The trojan monitors and blocks attempts to lock or unlock the device during this 'update', heightening its impact.
Zanubis poses a significant threat to Android users, especially in the Latin American region. Vigilance and cautious app installation practices are crucial in safeguarding against such deceptive malware. Stay informed and stay secure.
