Kaspersky has been tracking the Zanubis banking trojan first discovered in August 2022 targeting financial and crypto users in Peru.
The Android malware tricks users into granting accessibility permissions as it assumes the “guise” of legitimate applications, Kaspersky said in its latest crimeware report.
In April 2023, Zanubis evolved to posing as the official application for a Peruvian governmental organization, Kaspersky said. Once the bug gets permission to access the device, it tricks a victim by loading the real website using WebView, making it seem legitimate.
“Unlike other malware, Zanubis doesn't have a fixed list of target apps. Instead, it can be programmed remotely to steal data when specific apps are running," Kaspersky wrote in the report. "The malware also creates a second connection, which can give the bad actors full control over the target device. It can even disable a device by pretending to be an Android update.”
Tatyana Shishkova, lead security researcher at GReAT, said that "adapting to this constant transformation in malicious code and cybercriminal tactics poses an ongoing challenge for defense teams."
She continued, "To safeguard against these evolving dangers, organizations must remain vigilant and well-informed. Intelligence reports play a pivotal role in keeping abreast of the latest malicious tools and attacker techniques, empowering us to stay one step ahead in the ongoing battle for digital security.”
Kaspersky Inks OEM Deal
Under terms of the deal, Centerm will pre-install Kaspersky Thin Client on its hardware platform, the Centerm F620 thin client, and distribute this ready-made product through regional partners and distributors.
Kaspersky Thin Client is an operating system for thin clients based on the KasperskyOS operating system. The cybersecurity provider sees opportunity in the thin client market. Researcher IDC pegs the thin client market to step ahead by 5% CAGR by 2026.
Kaspersky said it will target the thin client solution to government, commercial structures, transport and industrial enterprises, in financial institutions and retail, in smart city infrastructure, as well as in the industrial automation industry.
“It is an incredible step forward for Kaspersky to enter the global IT market with the latest Cyber-Immune thin client,” said Andrey Suvorov, head of KasperskyOS business unit. “It is the first cyber immune thin client solution for the workforce that does not require applied anti-virus protection or other traditional cyber security tools.
Research Uncovers Malicious AI-Tool WormGPT
And, finally, Kaspersky’s researchers said they have uncovered a series of websites on the shadow internet that appear to be selling fake access to the malicious AI-tool WormGPT. These sites have phishing-like characteristics, including varying designs, pricing, currencies used for payment, and some require upfront payment for access to a trial version, Kaspersky said.
“In the dark web, it is impossible to distinguish malicious resources with absolute certainty,” said Alisa Kulishenko, digital footprint analyst at Kaspersky. “It is a well-known fact that cybercriminals often deceive each other. However, recent phishing attempts may indicate the level of popularity of these malicious AI tools within the cybercriminal community. These models, to some extent, facilitate the automation of attacks, thereby emphasizing the increasing importance of trusted cybersecurity solutions.”