This app is targeting 351 banking applications. I created the list of the targeted apps, enjoy! https://pastebin.com/qKKznsXJ https://twitter.com/virqdroid/status/1055756637695369216 …
This is a sophisticated malware, I will take the weekend to write something correct
Dear Mr. Elliot, nothing new here, it is the nr 1 Android Banking Trojan #Anubis v2.1, with over 100 new samples a week. The targeted overlays are not the only problem: RAT (backconnect SOCKS5), sound recording and keylogging. Cheers!
I didn’t say it was new. Any articles on the subject?
https://info.phishlabs.com/blog/bankbot-anubis-threat-upgrade … We have a full threat intel report of course, but it has had no new bot commands for a while since the Twitter update C2 trick was blogged.
Ok thank you! The sample tweeted by @virqdroid is using a different Twitter account
Decoding their tweet is not that hard; it's still worth a blog post, I think.
All bots have a hardcoded handle, please note that the Twitter handle can be updated using a single command from the C2 to avoid losing bots during an NTD. The encryption key (hardcoded) can be different based on actor. It's a private rental trojan. https://twitter.com/ThreatFabric/status/1014163287351623693 …
Thanks @fs0c131y! Just out of curiosity, how did you deobfuscate the code?
Also, thanks to @JAMESWT_MHT for the escalation ;)
cc @Bank_Security @dvk01uk
https://twitter.com/realDonaldTrump/status/1055822810940129283 … cn u pl hlp dis poor chap ?