Android malware like ransomware exemplify how the platform can be lucrative for cybercriminals. But there are also other threats stirring up as of late: attacks that spy on and steal data from specific targets, crossing over between desktops and mobile devices.
Take for instance several malicious apps we came across with cyberespionage capabilities, which were targeting Arabic-speaking users or Middle Eastern countries. These were published on Google Play — but have since been taken down — and third-party app marketplaces. We named these malicious apps AnubisSpy (ANDROIDOS_ANUBISSPY) as all the malware’s payload is a package called watchdog.
We construe AnubisSpy to be linked to the cyberespionage campaign Sphinx (APT-C-15) based on shared file structures and command-and-control (C&C) server as well as targets. It’s also possible that while AnubisSpy’s operators may also be Sphinx’s, they could be running separate but similar campaigns.Read More