How to Protect Android Apps Against Anubis

What is Anubis?

Anubis is a sophisticated banking Trojan malware specifically targeting Android apps. Initially detected as a threat to financial information, it has since evolved, incorporating advanced features such as Remote Access Trojan (RAT) functionality, keylogging, and even ransomware capabilities. Alarmingly, it has been discovered on hundreds of applications within the Google Play Store, putting countless users at risk.

Why Protect Android Apps from Anubis?

Developers and cybersecurity professionals must defend against Anubis malware attacks due to the critical risks it poses to mobile apps, particularly those in the financial sector. Anubis poses a significant threat to user privacy and financial security. By gaining access to sensitive information through keylogging and remote access capabilities, this malware can steal passwords, banking details, and personal data. Consequently, this leads to identity theft and financial loss. Anubis can easily capture login credentials, enabling attackers to access bank accounts and execute unauthorized transactions, leading to significant financial loss. Additionally, its ability to intercept 2FA messages further exacerbates its threat level, allowing attackers to bypass standard security layers. Anubis can also grant remote access to the attacker, who can manipulate device behavior and extract even more data. As regulatory frameworks like PCI-DSS and GDPR demand the highest levels of data protection, detecting and blocking Anubis is essential for maintaining compliance and safeguarding user data from fraud and account takeovers.

How does Appdome protect against Anubis?

You can protect mobile apps against Anubis Trojans using the following Appdome protections:

1. RASP – Prevents BrasDex from injecting itself into installed apps and repackaging them. Also includes anti-tampering, anti-debugging, anti-emulator, and other protections against dynamic attacks at runtime.
2. Code Obfuscation – Protects against decompiling and malicious reverse engineering.
3. Root Detection –  protects mobile apps from running on rooted devices, which bypass Android’s security controls. Rooting exposes apps to tampering, data theft, and malware by giving attackers elevated access to system files and app data.
4. Accessibility Service Malware Prevention – Defends against attacks by blocking malicious apps, detecting specific attacks, and allowing trusted services through a whitelist. Ensures that the app closes and the user receives a notification informing them about the detection and suggesting the option to turn off their Accessibility Services via the settings.
5. Protection from Keylogging Attacks – Appdome customers can specify a list of approved keyboards, blocking the mobile app from using any keyboards that are not on the list, thereby stopping the exfiltration of keystroke information (keyloggers).
6. Keylogger Prevention – Prevents malicious recording of key strokes by mobile app users.

To learn more about activating these security protections in your mobile apps, please refer to the related articles section of this knowledge base article.

Related Articles:

• How to Protect Android Apps Against CraxsRAT Malware
• How to Protect Android Apps Against Xenomorph Malware
• How to Protect Android Apps Against BrasDex Malware
• How to Protect Android Apps Against FjordPhantom Malware
• How to Protect Android Apps Against Panda Malware
• How to Protect Android Apps Against Brokewell Malware
• How to Protect Android Apps Against Hiddad Malware

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.