By: Jillian Stella, December 21, 2017 (12:20 PM)

The Cyberespionage of AnubisSpy

A hacker group known as APT-C-15, who was famously known for the Sphinx cyberespionage campaign has adopted a new Android targeted malware.

The malware is known as AnubisSpy and in addition to spying on Middle Eastern devices, it also robs data from users.

Specifically, the malware can steal pictures and videos, contacts, emails, calendar events, browser history, and it can record and take screenshots.

Once AnubisSpy is delivered, it can also collect files from multiple social media platforms.

The campaign has numerous elements of which are presented below:

Source: https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinx-goes-mobile-with-anubisspy.pdf

The malwares payload is a package known as ‘watchdog’ which takes advantage of software vulnerabilities.

To deliver watchdog, the hackers of APT-C-15 inserted the exploit into a seemingly real application or a trusted site that was actually a malware-ridden clone.

Such social engineering technique was predicted to become more common by Trend Micro’s VP Tom Kellerman back in 2013.

Trend Micro calls this attack methodology the watering hole.

Because just as a hole in the ground keeps collecting water, APT-C-15 attackers can unceasingly collect organization intelligence once they’ve infiltrated the network.

Jillian Stella

Jillian Stella is a recent graduate from the University at Albany where she obtained a Bachelor’s of Science degree in Digital Forensics. Jillian is a Security Analyst and Researcher at Cursive Security where she works with and performs assessment and response services for clients. She is currently conducting research in the area of cyber threat intelligence.

Be Informed. Stay One Step Ahead.

Sign up for our newsletter and stay up to date with the latest industry news, trends, and technologies