Light Dark
July 9, 2019 By David Bisson 2 min read

Security researchers uncovered more than 17,000 samples of the Anubis Android malware family stored on two related servers.

While tracking the activity of the Android malware, Trend Micro came across two related servers that contained 17,490 samples of Anubis. After analyzing two of the samples, the researchers found that they requested certain URLs and parsed an XML file to download a malicious app. Anubis then used that malicious app to target 188 banking- and finance-related apps, the vast majority of which were based in Poland, Australia, Turkey and Germany.

In its analysis, Trend Micro found two labels in the samples — Operatör Güncellemesi (which means “Operator Update” in Turkish) and Google Services — and reasoned that Anubis’ handlers likely use the labels as social engineering lures. Even so, those samples bearing one label over the other had slightly different routines. For instance, the analysts needed to unpack variants with the Google Services label before they could access their information-stealing capabilities. They didn’t need to perform this step for variants that arrived with the Operatör Güncellemesi label.

Yet Another Anubis Malware Sighting

In July 2018, IBM X-Force reported that several developers had uploaded downloaders for Anubis and other Android malware to the Google Play store. The following January, Trend Micro discovered two additional apps on Google Play that contained the malware. In both instances, Anubis exploited motion sensor data as a means of evasion.

News of this campaign arrived just a few months before Bleeping Computer reported on a new variant of Anubis that contained a ransomware module.

How to Defend Against Android Malware

The most basic way to help defend against Android malware like Anubis is to follow mobile best security practices, such as keeping devices current with the latest updates and limiting app installations on corporate devices to work-related programs created by trusted developers on official marketplaces. Solutions that leverage artificial intelligence can also help increase the accuracy of manual mobile threat analysis on a large scale.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature