Merge pull request #810 from Delta-Sierra/main

add Anubis & Godfather android banking trojans
Alexandre Dulaunoy 2023-01-26 15:03:41 +01:00 committed by GitHub
commit 06f250ef7c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -4664,7 +4664,36 @@
},
"uuid": "66026639-132f-436e-8348-1219714e9f62",
"value": "Vulture"
},
{
"description": "Starting in June 2018, a number of new malware downloader samples that infect users with BankBot Anubis (aka Go_P00t) was discovered. The campaign features at least 10 malicious downloaders disguised as various applications, all of which fetch mobile banking Trojans that run on Android-based devices. Anubis Masquerades as Google Protect.",
"meta": {
"refs": [
"https://securityintelligence.com/anubis-strikes-again-mobile-malware-continues-to-plague-users-in-official-app-stores/"
]
},
"uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
"value": "Anubis"
},
{
"description": "The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges.\nFew people realize that hiding under Godfathers hood is an old banking Trojan called Anubis, whose functionality has become outdated due to Android updates and the efforts of malware detection and prevention providers.\nGroup-IB first detected Godfather, a mobile banking Trojan that steals the banking and cryptocurrency exchange credentials of users, in June 2021. Almost a year later, in March 2022, researchers at Threat Fabric were the first to mention the banking Trojan publicly. A few months later, in June, the Trojan stopped being circulated. One of the reasons, Group-IB analysts believe, why Godfather was taken out of use was for developers to update the Trojan further. Sure enough, Godfather reappeared in September 2022, now with slightly modified WebSocket functionality.",
"meta": {
"refs": [
"https://blog.group-ib.com/godfather-trojan"
]
},
"related": [
{
"dest-uuid": "d21ab582-2286-4827-9710-0eb283244ff1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "successor-of"
}
],
"version": 21
"uuid": "dddfa582-3df3-4832-bffe-c38e70b710ac",
"value": "GodFather"
}
],
"version": 22
}
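Review bot: The new Anubis entry names its aliases only inside the description ("BankBot Anubis (aka Go_P00t)"), while its `meta` block carries nothing but `refs`, so a search on either alias will not resolve to this cluster; consider adding a `synonyms` list under `meta` with those two names. In the Godfather entry the `value` is spelled "GodFather" but the description writes "Godfather" throughout, so settle on one spelling before other clusters start referencing it by name. The description text also needs a light pass: "a number of new malware downloader samples ... was discovered" should read "were discovered", "Anubis Masquerades as Google Protect" has a stray capital, and "Godfathers hood" is missing its apostrophe. The `successor-of` relation points at the Anubis `uuid` added in this same hunk, which is consistent, and the version bump to 22 matches the two added entries.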