A new info-stealing malware that the Microsoft Security Intelligence team first saw being sold in the cybercriminal underground in June is now being actively distributed in the wild. The malware, called Anubis, uses code forked from the Loki malware to steal system information, credentials, credit card details and cryptocurrency wallets.
The new malware shares its name with an unrelated family of Android banking malware, so alerts and reports should be matched on file hashes and infrastructure rather than on the family name alone. Anubis is being deployed in what appear to be limited, initial campaigns that have so far used only a handful of known download URLs and C2 servers.
Microsoft Defender ATP detects the new malware as PWS:MSIL/Anubis.G!MTB (the PWS prefix is Microsoft's family prefix for password stealers).
IOCs (SHA-256):
c2ca3c7810fbd2eb4933299433a0e58ffe0707700c780fe420b2c258e32ebe18
895b3b6890d192de8bc3744ce0757edb909351081744403663a9c3b04e409125
341b474228bf3d99a3570a3b55b4a9b965db00cfbc52988236ffb49990aa8aef
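The following Python script is an added example of how a defender would put the three hashes above to work; it is not code from Microsoft or from the original post. It parses the SHA-256 values out of the IOC text, hashes every file under a directory in streaming fashion (so large files do not have to fit in memory), and reports any file whose digest is on the list. Function names, the sample files it writes into a temporary directory, and the case-insensitive matching are all assumptions made for the example; the sample files are constructed and are not Anubis samples.

```python
import hashlib
import os
import re
import tempfile

# IOC text quoted from the page; the parser below pulls the hashes out of it.
IOC_TEXT = """IOCs (SHA-256):
c2ca3c7810fbd2eb4933299433a0e58ffe0707700c780fe420b2c258e32ebe18
895b3b6890d192de8bc3744ce0757edb909351081744403663a9c3b04e409125
341b474228bf3d99a3570a3b55b4a9b965db00cfbc52988236ffb49990aa8aef
"""

# A SHA-256 hex digest is exactly 64 hex characters; word boundaries keep the
# regex from matching inside longer hex runs.
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def parse_sha256_iocs(text):
    """Return the set of lowercase SHA-256 digests found in free-form IOC text."""
    return frozenset(m.lower() for m in _SHA256_RE.findall(text))


ANUBIS_SHA256 = parse_sha256_iocs(IOC_TEXT)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_ioc(digest, iocs=ANUBIS_SHA256):
    """Case-insensitive membership test against the IOC set."""
    return digest.lower() in iocs


def scan_tree(root, iocs=ANUBIS_SHA256):
    """Walk `root` and return [(path, digest)] for every file whose SHA-256 is an IOC.

    Files that cannot be opened (permissions, vanished between listing and
    hashing) are skipped rather than aborting the sweep.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if is_known_ioc(digest, iocs):
                hits.append((path, digest))
    return hits


def demo():
    """Write constructed (benign) sample files to a temp dir and sweep it.

    Returns (digests, hits): a dict of filename -> SHA-256 for the samples and
    the list of IOC hits, which is empty because no sample is an Anubis binary.
    """
    samples = {"empty.bin": b"", "abc.txt": b"abc"}  # constructed test data
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        digests = {name: sha256_file(os.path.join(root, name)) for name in samples}
        hits = scan_tree(root)
    return digests, hits


if __name__ == "__main__":
    digests, hits = demo()
    for name, digest in sorted(digests.items()):
        print(f"{digest}  {name}  {'HIT' if is_known_ioc(digest) else 'clean'}")
    print(f"{len(hits)} IOC hit(s)")
```

To sweep a real host, call `scan_tree("/path/to/suspect/dir")` and feed any hit to your incident-response workflow; hash matching only catches these exact files, so treat a clean sweep as absence of these three samples, not as absence of Anubis.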