Zanubis in motion: Tracing the active evolution of the Android banking malware
Zanubis is a banking Trojan for Android that emerged in mid-2022. From the start it targeted banks and financial entities in Peru, and it later expanded its targets to virtual cards and crypto wallets.
The main infection vector of Zanubis is impersonating legitimate Peruvian Android applications and then misleading the user into enabling the accessibility permissions. Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge.
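A triage check for the vector described above (accessibility permissions granted to an app posing as a legitimate one), as an added example that is not part of the original article: it lists enabled accessibility services that belong to third-party packages outside an expected set. The allowlist and every package name in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: list enabled accessibility services owned by third-party,
# non-allowlisted packages. Inputs are the raw outputs of two Android commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3      # -3 = third-party packages only
# ALLOWLIST is an assumption: space-separated packages you expect to see.
ALLOWLIST="com.example.screenreader"   # hypothetical package name

# flag_accessibility_services "<settings output>" "<pm list output>"
# Prints "<package> <service class>" for every entry worth a manual review.
flag_accessibility_services() (
    # adb may return CRLF line endings; the setting itself is a single line.
    enabled=$(printf '%s' "$1" | tr -d '\r\n')
    third_party=$(printf '%s\n' "$2" | tr -d '\r')
    # The setting is empty or the literal "null" when nothing is enabled.
    case "$enabled" in ''|null) exit 0 ;; esac
    IFS=:      # entries are colon-separated "package/ServiceClass" components
    set -f     # no pathname expansion while splitting
    for entry in $enabled; do
        pkg=${entry%%/*}
        svc=${entry#*/}
        # Preinstalled (system) packages do not appear in `pm list packages -3`.
        printf '%s\n' "$third_party" | grep -qxF "package:$pkg" || continue
        case " $ALLOWLIST " in *" $pkg "*) continue ;; esac
        printf '%s %s\n' "$pkg" "$svc"
    done
)

# Constructed sample data (not taken from a real device or from the article).
SAMPLE_ENABLED='com.example.preinstalled/.A11yService:com.example.screenreader/.ReaderService:com.example.sideloaded/.Svc'
SAMPLE_PACKAGES='package:com.example.screenreader
package:com.example.sideloaded
package:com.example.game'

flag_accessibility_services "$SAMPLE_ENABLED" "$SAMPLE_PACKAGES"
```

A hit is a prompt for manual review of the package (install source, signing certificate, install date), not proof of infection.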
This Android malware is undergoing continuous development, and we have seen new samples extending their data exfiltration and remote-control functionality as well as new obfuscation methods and deceptive tactics. The threat actors behind Zanubis continue to refine its code – adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. These updates are often aligned with recurring campaigns, suggesting a deliberate effort to keep the malware relevant and effective.
To understand how the Trojan reached its current stage, we need to look back at its origins and the early signs of what was to come. Join us in this blog post as we take a closer look at the malware’s evolution over time.
To read the complete article, see: https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/