Rapid Response: Zimperium Detects All Reported Samples of Evolving Zanubis Android Banking Trojan
Kaspersky recently published an in-depth analysis of Zanubis, an evolving Android banking trojan primarily targeting users in Latin America. Initially masquerading as legitimate Peruvian government apps, Zanubis has continued to evolve its tactics and infrastructure, now distributing malware through deceptive websites and exploiting accessibility services to gain extensive control over infected devices.
Once installed, Zanubis abuses accessibility permissions to monitor user activity, intercept credentials, and perform actions on behalf of the victim, such as navigating banking apps, approving transactions, and exfiltrating sensitive information. It also implements anti-analysis techniques, such as delayed execution and environment checks, to evade detection and analysis. These features make Zanubis not only dangerous but increasingly difficult for conventional security solutions to identify in time.
The blog reports 29 samples, of which 11 are in the public domain. Zimperium’s Mobile Threat Defense (MTD) detects these 11 samples with high accuracy and in a zero-day fashion. Our on-device dynamic detection engine analyzes app behavior in real time, enabling early detection and prevention before the malware can take control or access sensitive user data.
As Zanubis and other banking trojans continue to adapt and become more sophisticated, Zimperium remains committed to delivering advanced, proactive protection to secure mobile users and financial institutions worldwide.
For more technical details, see Kaspersky’s full report.