Trojan "Zanubis" is growing in strength. It can take over your phone

The Zanubis banking Trojan has evolved, making it once again a real threat to Android smartphone users. The software is so far primarily known for attacks in Peru. After the last modification in April 2023, the fraudsters managed to use it in a fake program pretending to be a Peruvian government app.

Security researchers from Kaspersky describe the latest findings related to the Zanubis banking trojan. The software is hidden in various applications and is difficult to detect by security mechanisms, among other things, thanks to code obfuscation. Zanubis is capable of stealing data from Android applications, which are continuously indicated by the attacker. Moreover, it can completely take control of the device, and even force its restart under the pretext of an update.

The tracking of Zanubis software has also helped analysts identify other threats. An example is Lumma - a line of malware that pretends to be software capable of converting .docx and .pdf formats. Lumma ultimately allows for stealing files from the cache, including logs from cryptocurrency wallets. This later allows for an attempt to steal money.

The popularity of malicious software in a chosen market does not necessarily mean that its distribution will end there. On the contrary - we have reported many times on cases where, within just a few days or weeks, well-known malicious software from, for example, the USA, was quickly noticed in Europe as well and implemented by fraudsters for daily operation.