A new ransomware group called Anubis has emerged as a significant threat in the cybersecurity landscape, targeting both Android and Windows systems with sophisticated attack methods.
First identified in November 2024, this dual-platform malware represents a growing trend in the ransomware ecosystem, which saw attacks rise by almost 25% in 2024 according to recent threat intelligence data.
Anubis behaves differently on each platform. On Android it functions primarily as a banking trojan, using phishing overlays to place counterfeit login screens over legitimate applications. It captures credentials through screen recording and keylogging, and spreads by sending mass SMS messages to the victim's contacts. In more severe cases it locks the device entirely and displays a ransom demand.
On Windows, Anubis operates as a full Ransomware-as-a-Service (RaaS) offering.
The malware encrypts files with the Elliptic Curve Integrated Encryption Scheme (ECIES), a hybrid scheme in which each file is encrypted under a symmetric key derived from a fresh ephemeral key pair and the operator's public key, so encrypted files cannot be recovered without the operator's private key. It escalates privileges by manipulating Windows access tokens.
Particularly concerning is its destructive capability: victims have reported permanent data deletion even after paying the ransom, suggesting the group uses the threat of destruction to increase pressure and deter delays in payment.
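To make concrete why files encrypted with ECIES cannot be recovered from the victim's machine alone, here is an added example in Go, written for this page rather than taken from Anubis or any sample of it: a minimal ECIES-style hybrid scheme over P-256 and AES-256-GCM, with a round-trip check that the operator's private key recovers a constructed sample file and that any other private key is rejected. The blob layout, the simplified SHA-256 key derivation in place of HKDF, the function names and the sample file contents are all this example's own assumptions, not a documented Anubis format.

```go
// Added example, not Anubis's own code: ECIES-style hybrid file encryption.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed blob layout for this example: 65-byte uncompressed P-256 ephemeral
// public key || 12-byte GCM nonce || AES-256-GCM ciphertext and 16-byte tag.
const ephPubLen, nonceLen, hdrLen = 65, 12, 65 + 12

// aeadFor turns the ECDH shared secret into a per-file AES-256-GCM instance.
// The KDF is simplified to one SHA-256 over secret || ephPub || recipientPub;
// real ECIES profiles use HKDF or the X9.63 KDF.
func aeadFor(shared, ephPub, recipientPub []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(append(append(append([]byte{}, shared...), ephPub...), recipientPub...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt needs only the recipient's public key: a fresh ephemeral key pair is made
// per file, its public half shipped in the header, its private half dropped.
func Encrypt(recipient *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(shared, eph.PublicKey().Bytes(), recipient.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := append(append([]byte{}, eph.PublicKey().Bytes()...), nonce...)
	// Header goes in as associated data: a swapped ephemeral key or nonce fails the tag.
	return append(header, gcm.Seal(nil, nonce, plaintext, header)...), nil
}

// Decrypt works only with the recipient's private key, which recomputes the
// same ECDH secret from the shipped ephemeral public key.
func Decrypt(recipient *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < hdrLen+16 {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	header := blob[:hdrLen]
	ephPub, err := ecdh.P256().NewPublicKey(header[:ephPubLen])
	if err != nil {
		return nil, err
	}
	shared, err := recipient.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(shared, ephPub.Bytes(), recipient.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, header[ephPubLen:], blob[hdrLen:], header)
}

// RoundTrip encrypts a constructed sample file and reports whether the
// operator's key recovers it and whether a different key is rejected.
func RoundTrip() (recovered, wrongKeyFails bool, err error) {
	operator, err1 := ecdh.P256().GenerateKey(rand.Reader) // never leaves the operator
	other, err2 := ecdh.P256().GenerateKey(rand.Reader)    // a key a victim might try
	if err1 != nil || err2 != nil {
		return false, false, fmt.Errorf("keygen: %v %v", err1, err2)
	}
	sample := []byte("constructed sample file: patient record 0001")
	blob, err := Encrypt(operator.PublicKey(), sample)
	if err != nil {
		return false, false, err
	}
	pt, err := Decrypt(operator, blob)
	if err != nil {
		return false, false, err
	}
	_, wrongErr := Decrypt(other, blob) // different secret -> GCM tag mismatch
	return string(pt) == string(sample), wrongErr != nil, nil
}

func main() {
	fmt.Println(RoundTrip())
}
```

Run it with `go run`. The second result shows that a different private key is rejected by the GCM tag rather than producing garbage: with no ephemeral private key left on disk, nothing the victim holds can reproduce the shared secret, which is why recovery depends on the operator's key being obtained or the implementation being flawed, not on the ciphertext itself.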
The ransomware group has implemented a distinctive affiliate payment structure with multiple monetization options.
In standard operations, affiliates retain 80% of ransom proceeds, while Anubis collects 20% for providing tools and infrastructure.
For attacks that also involve data theft and extortion, the group's share rises to 40%, and when Anubis assists directly in negotiations, proceeds are split equally between the group and the affiliate.
Security researchers have observed the group communicating in Russian on dark web forums, though no specific regional attribution has been confirmed.
Anubis has demonstrated a particular focus on critical infrastructure and high-value targets, including healthcare organizations, construction companies, and professional services firms across the United States, France, Australia, and Peru.
The group gained significant attention following a November 2024 attack on an Australian healthcare provider, in which patient data, including contact information, medical records, and Medicare details, was potentially compromised.
This incident marked Anubis’s public emergence and highlighted the healthcare sector’s vulnerability to such attacks.
The rise of groups like Anubis reflects broader trends in the cybercriminal ecosystem, where the number of ransomware group leak sites grew by 53% in 2024.
Security experts recommend implementing multi-factor authentication, robust endpoint detection systems, and comprehensive user education programs to defend against these evolving threats.