Close Menu
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
What's Hot

ARK pushes back against a16z’s ‘TradFi wants blockchain, not DeFi’ claim

July 18, 2026

Investors rejected crypto basket ETFs and now this $1.9 trillion manager is putting the reason to the test

July 18, 2026

Hyperliquid: 16z-linked wallet deposits $30mln HYPE – What next?

July 18, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook X (Twitter) Instagram
CryptoPulseDaily.com
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
CryptoPulseDaily.com
Home»Security and Privacy»Android Banking Trojan Zanubis Evolves to Target Peruvian Users
Android Banking Trojan Zanubis Evolves to Target Peruvian Users
Security and Privacy

Android Banking Trojan Zanubis Evolves to Target Peruvian Users

September 28, 2023No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

The Android banking Trojan Zanubis has taken on a new guise, posing as the official app for the Peruvian governmental organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria). 

Originally detected in August 2022, this malware targets financial and cryptocurrency users in Peru by impersonating legitimate Android apps. Zanubis tricks users into granting Accessibility permissions, effectively surrendering control of their devices.

What sets Zanubis apart is its increasing sophistication, explained a new advisory published by Kaspersky today. The Trojan utilizes the Obfuscapk obfuscator for Android APK files, making it challenging to detect.

Once it gains access to a victim’s device, it deceives them by loading a genuine SUNAT website using WebView, creating the illusion of legitimacy. The Trojan maintains communication with its controlling server through WebSockets and a library called Socket.IO, ensuring connectivity even in adverse conditions.

What’s particularly worrisome is Zanubis’s adaptability. Unlike typical malware with fixed target apps, Zanubis can be remotely programmed to steal data when specific apps are in use. Additionally, it establishes a second connection, potentially granting malicious actors complete control over a compromised device. To compound the threat, it can disable a device by masquerading as an Android update.

In the same advisory, Kaspersky researchers mentioned the discovery of a cryptor/loader called AsymCrypt, designed to target crypto wallets and distributed through underground forums. This evolved DoubleFinger loader variant serves as a gateway to the TOR network. Buyers customize its functionality, injecting malicious DLLs concealed within encrypted image blobs.

The Lumma stealer is another evolving malware lineage recently discovered by the security researchers. Previously known as Arkei, Lumma retains 46% of its original attributes. To infect a system, this malicious software camouflages itself as a file converter from .docx to .pdf, triggering its payload when files come back with a double extension of .pdf.exe.

See also  $3,000,000,000 Worth of Crypto Stolen by North Korean Hackers in Six Years, Says Cybersecurity Firm

Lumma primarily targets crypto wallets, stealing cached files, configuration files and logs. Its evolution includes system process list acquisition, altered communication URLs and advanced encryption techniques.

Read more on crypto-stealers: Satacom Malware Campaign Steals Crypto Via Stealthy Browser Extension

Tatyana Shishkova, a lead security researcher at Kaspersky’s GReAT (Global Research and Analysis Team), emphasized the dynamic nature of these threats and the importance of staying informed. 

“The ever-evolving landscape of malware, exemplified by the multifaceted Lumma stealer and the ambitions of Zanubis as a full-fledged banking Trojan, underscores the dynamic nature of these threats,” she said.

“Intelligence reports play a pivotal role in keeping abreast of the latest malicious tools and attacker techniques, empowering us to stay one step ahead in the ongoing battle for digital security.”

Kaspersky recommended various preventive measures, including offline backups, anti-ransomware tools and dedicated security solutions, to mitigate financially motivated threats.

Source link

Android Banking Evolves Peruvian Target Trojan users Zanubis
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users

July 17, 2026

Modular macOS Stealer Uses Kill Loops to Force Password Entry

July 16, 2026

Inside BC token’s economic model: How BC Engine connects users, rewards, and ecosystem growth

July 16, 2026

Standard Chartered Selects Broadcom to Deliver Secure, Always-On Banking Services at Global Scale

July 16, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Bitcoin miners offload 15K BTC since October, with more sales expected

March 14, 2026

Sure, Crypto Crime Is Down, But It’s Not Extinct.

January 23, 2024

Bitcoin Network Hashrate Growth Was Muted in January: JPMorgan

February 5, 2025

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Crypto, ICOs, Web3, Blockchain and more.

We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

ARK pushes back against a16z’s ‘TradFi wants blockchain, not DeFi’ claim

July 18, 2026

Investors rejected crypto basket ETFs and now this $1.9 trillion manager is putting the reason to the test

July 18, 2026

Hyperliquid: 16z-linked wallet deposits $30mln HYPE – What next?

July 18, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Crypto Pulse Daily - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.

Cleantalk Pixel
  • bitcoinBitcoin(BTC)$63,925.001.95%
  • ethereumEthereum(ETH)$1,843.221.05%
  • tetherTether(USDT)$1.000.01%
  • binancecoinBNB(BNB)$567.580.63%
  • usd-coinUSDC(USDC)$1.00-0.02%
  • rippleXRP(XRP)$1.090.53%
  • solanaSolana(SOL)$74.840.39%
  • tronTRON(TRX)$0.322098-0.04%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.030.65%
  • HyperliquidHyperliquid(HYPE)$59.25-0.08%