The Anubis Android Banking Botnet is one of the most sophisticated mobile malware threats targeting financial data worldwide. First identified in 2017, Anubis has evolved into a modular, multi-functional banking Trojan capable of stealing credentials, hijacking sessions, and even remotely controlling infected devices.
What is the Anubis Android Banking Bot?
Anubis is a malware-as-a-service (MaaS) banking Trojan primarily targeting Android users. It operates as a botnet, allowing attackers to simultaneously control thousands of infected devices from a centralized command server.
Technical Features and Capabilities
1. Financial Data Theft
- Overlay Attacks
  - Displays fake login screens over real banking apps
  - Captures usernames, passwords, and 2FA codes
- Keylogging
  - Records all keystrokes, including virtual keyboard inputs
- SMS Interception
  - Reads authentication codes sent via text
  - Blocks messages from banks to prevent fraud alerts
2. Device Takeover Features
- Remote Control
- Screen Recording
- GPS Tracking
3. Persistence Mechanisms
- Device Administrator Privileges
- Anti-Detection Techniques
- Automatic Updates
4. Distribution Network
- Fake Apps
- Phishing Websites
- Third-Party App Stores
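
A defender's triage of the capabilities listed above, as an added example that is not part of the original page: it reads a decoded AndroidManifest.xml and reports which of those capabilities the app's declared permissions would enable. The permission-to-capability mapping is general Android knowledge rather than Anubis analysis from this page, and the sample manifest, package and component names are constructed.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Manifest indicator -> capability named in the feature list above.
# Assumption: the mapping is general Android knowledge, not Anubis-specific.
REQUESTED = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.RECEIVE_SMS": "sms_interception",
    "android.permission.READ_SMS": "sms_interception",
    "android.permission.ACCESS_FINE_LOCATION": "gps_tracking",
    "android.permission.REQUEST_INSTALL_PACKAGES": "self_update",
}
BOUND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "keylogging_or_remote_control",
    "android.permission.BIND_DEVICE_ADMIN": "device_admin",
}

def triage(manifest_xml):
    """Return {capability: [evidence, ...]} for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID + "name", "")
        if name in REQUESTED:
            found.setdefault(REQUESTED[name], []).append(name)
    # Components guarded by a BIND_* permission are bound by the system itself.
    for tag in ("service", "receiver"):
        for el in root.iter(tag):
            perm = el.get(ANDROID + "permission", "")
            if perm in BOUND:
                comp = el.get(ANDROID + "name", "?")
                found.setdefault(BOUND[perm], []).append(f"{tag} {comp}")
    return found

def is_high_risk(found):
    """Overlay/accessibility together with SMS access: flag for manual review."""
    ui = found.keys() & {"overlay", "keylogging_or_remote_control"}
    return bool(ui) and "sms_interception" in found

# Constructed sample manifest (hypothetical package, not from a real APK).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
if __name__ == "__main__":
    print(triage(SAMPLE), is_high_risk(triage(SAMPLE)))
```

Permissions alone do not prove malice; the output is a reason to review the app, not a verdict.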