
Beware of New Malware on Android Phones That Hacks M-Banking, Accounts Wiped Out!

Jakarta, CNBC Indonesia - Android phone users are haunted by the threat of a new malware variant that can hack bank accounts. The Kaspersky Global Research and Analysis Team (GReAT) said there is a new version of the Zanubis mobile banking trojan that threatens the public.

The original version of Zanubis was first detected in 2022. This malware disguises itself as a PDF reader service or a Peruvian government agency application.

The latest variant, discovered in 2025, disguises itself as two new applications, namely those of an energy sector company and a bank, according to the official Kaspersky website, Monday (2/6/2025).

With sophisticated social engineering techniques, users are persuaded to download and install this fake application. Then, the malware will steal banking credentials and keys from the victim’s digital or crypto wallet.

Zanubis also performs keystroke logging and screen recording, among other functions. Kaspersky detected more than 130 victims in the latest operation, and around 1,250 since monitoring of the malware began.

On Android phones, apps can be installed from the official Google Play Store. Alternatively, apps can also be installed directly from APK files without going through the official app store.

Zanubis manages to get onto victims’ phones via APK files. When imitating an energy company, the malicious APKs are distributed with names such as “Boleta_XXXXXX.apk” (“Bill”) or “Factura_XXXXXX.apk” (“Invoice”).

The fake apps trick users into believing that they are opening and verifying the alleged bill or invoice. The apps pose as invoice verification tools, requiring users to install them and enter their customer information to check for unpaid invoices.

Meanwhile, when imitating banks, victims are tricked into downloading malware under the guise of instructions from a fake bank advisor.

After the user downloads and launches one of the APK files, a screen appears with the logo of the organization being impersonated, along with a message stating that the necessary checks are in progress.

The app requires users to grant accessibility permissions, stating that the permissions are required for the app’s normal operation.

Android’s accessibility permissions give apps the ability to interact with and control various aspects of the device’s interface and functions, primarily to assist users with disabilities.

When a malware app obtains accessibility permissions, the fraudsters can silently monitor and harvest sensitive user data, such as passwords, messages, and banking details, by reading the content of the screen and notifications.

This is exactly what the attackers behind Zanubis do to steal money and gain access to other personal information.

The attackers behind Zanubis are believed to be from Peru. There is consistent use of Latin American Spanish in the code, and the attackers demonstrate knowledge of Peruvian banking and government institutions.

“Zanubis has shown a clear evolution, transitioning from a simple banking Trojan to a highly sophisticated and multifaceted threat. Its focus remains on high-value targets, specifically banks and financial institutions in Peru,” said Leandro Cuozzo, Security Researcher at Kaspersky’s Global Research and Analysis Team.

“The attackers behind Zanubis show no signs of slowing down. They are constantly adapting their tactics, changing distribution methods to ensure the malware reaches new victims and executes silently,” he added.

Kaspersky reminds both individual and corporate users to remain vigilant and increase their digital literacy levels, as well as use trusted and proven security solutions, to avoid such threats.

Here are some recommendations to avoid the m-banking theft scam:

Download mobile applications from official application stores, namely the Google Play Store and Apple App Store. However, Kaspersky reminds us that applications in official application stores are also not 100% safe from fraud and malware.

Always check application reviews. Use links from official pages, and use official security software that can help detect malicious applications.

Check the policies and permissions of the applications you use to avoid data theft.

Update the operating system and applications used to avoid theft due to software vulnerabilities.

SOURCE : CNBC INDONESIA