mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #810 from Delta-Sierra/main
add Anubis & Godfather android banking trojans
This commit is contained in:
commit
06f250ef7c
1 changed files with 30 additions and 1 deletions
|
@ -4664,7 +4664,36 @@
|
||||||
},
|
},
|
||||||
"uuid": "66026639-132f-436e-8348-1219714e9f62",
|
"uuid": "66026639-132f-436e-8348-1219714e9f62",
|
||||||
"value": "Vulture"
|
"value": "Vulture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Starting in June 2018, a number of new malware downloader samples that infect users with BankBot Anubis (aka Go_P00t) was discovered. The campaign features at least 10 malicious downloaders disguised as various applications, all of which fetch mobile banking Trojans that run on Android-based devices. Anubis Masquerades as Google Protect.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://securityintelligence.com/anubis-strikes-again-mobile-malware-continues-to-plague-users-in-official-app-stores/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
|
||||||
|
"value": "Anubis"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges.\nFew people realize that hiding under Godfather’s hood is an old banking Trojan called Anubis, whose functionality has become outdated due to Android updates and the efforts of malware detection and prevention providers.\nGroup-IB first detected Godfather, a mobile banking Trojan that steals the banking and cryptocurrency exchange credentials of users, in June 2021. Almost a year later, in March 2022, researchers at Threat Fabric were the first to mention the banking Trojan publicly. A few months later, in June, the Trojan stopped being circulated. One of the reasons, Group-IB analysts believe, why Godfather was taken out of use was for developers to update the Trojan further. Sure enough, Godfather reappeared in September 2022, now with slightly modified WebSocket functionality.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.group-ib.com/godfather-trojan"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "successor-of"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 21
|
"uuid": "dddfa582-3df3-4832-bffe-c38e70b710ac",
|
||||||
|
"value": "GodFather"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"version": 22
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue