Anubis: The info-stealing malware (Loki fork)

A new info-stealing malware seen by Microsoft Intell team which was sold in the cybercriminal underground in June is now actively distributed in the wild. The malware is called Anubis and uses code forked from Loki malware to steal system info, credentials, credit card details, cryptocurrency wallets.

Anubis fan-art

The new malware shares a name with an unrelated family of Android banking malware. Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers.

Microsoft Defender ATP detects the new malware as WS:MSIL/Anubis.G!MTB.

IOCs (SHA-256): c2ca3c7810fbd2eb4933299433a0e58ffe0707700c780fe420b2c258e32ebe18, 895b3b6890d192de8bc3744ce0757edb909351081744403663a9c3b04e409125, 341b474228bf3d99a3570a3b55b4a9b965db00cfbc52988236ffb49990aa8aef
Share This Message