Evolution of Zanubis, a banking Trojan for Android
Essential information
- Published
- 28/05/2025 17:57
- Modified
- 28/05/2025 20:34
- Tags
- 2025-05-28 android banking trojan credential-theft sms hijacking zanubis
- Related entities
- 8 observables, 1 intrusion sets (apt), 1 techniques (mitre), 1 malware, 2 others
Description
Zanubis is an evolving Android banking Trojan that emerged in 2022, targeting financial institutions in Peru before expanding to virtual cards and crypto wallets. It impersonates legitimate apps to trick users into granting accessibility permissions, enabling extensive data theft and device control. The malware has undergone significant development, incorporating features like SMS hijacking, screen recording, and device credential stealing. Recent versions show improved obfuscation, encryption, and silent installation techniques. The threat actors, likely based in Peru, continue to refine the malware's capabilities and targeting strategy, focusing on high-value financial targets in the region.