Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 23:50:16 UTC
Home > List all groups > List all tools > List all groups using tool Anubis
 Tool: Anubis
Names
Anubis
BankBot
Go_P00t
android.bankbot
android.bankspy
Category Malware
Type Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer
Description
(Trend Micro) The Anubis malware masquerades as a benign app, prompts the user to
grant it accessibility rights, and also tries to steal account information. Banking trojans
usually launch a fake overlay screen when the user accesses a target app and tries to
steal information when the user inputs account credentials into the overlay. However,
Anubis’ process is a little different. It has a built-in keylogger that can simply steal a
users’ account credentials by logging the keystrokes. The malware can also take a
screenshot of the infected users’ screen, which is another way to get the victims
credentials.
Information https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b
Page 1 of 2

reverse-engineering/2018/08/30/Unpacking-Anubis-APK.html>
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool Anubis
Changed Name Country Observed
Unknown groups
 _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b
Page 2 of 2