New advanced FIN7's Anubis backdoor allows to gain full system control on Windows – Securityaffairs.com
Published on: 2025-04-02
Intelligence Report: New advanced FIN7's Anubis backdoor allows to gain full system control on Windows – Securityaffairs.com
1. BLUF (Bottom Line Up Front)
The FIN7 group has developed a new Python-based malware known as the Anubis backdoor, which allows attackers to gain full remote control over infected Windows systems. This malware poses a significant threat due to its ability to evade detection by antivirus solutions. The Anubis backdoor is distributed via phishing campaigns and compromised SharePoint sites, making it a critical concern for enterprise environments.
2. Detailed Analysis
The following structured analytic techniques have been applied for this analysis:
General Analysis
The Anubis backdoor is a sophisticated tool developed by the FIN7 group, also known as Carbanak. It is designed to execute shell commands, perform system operations, and evade detection through advanced obfuscation techniques. The malware is distributed in a ZIP package containing a Python script and multiple executable variants, demonstrating its adaptability and the threat actor’s efforts to diversify delivery mechanisms.
The Anubis backdoor uses AES-CBC encryption combined with base encoding to wrap its payload, which complicates static analysis. It communicates over a single TCP socket and can switch to another server if needed. The malware supports various commands, including IP retrieval, registry modification, and remote code execution, which let the operator load additional malicious functionality on demand.
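The loader shape described above (a long base-encoded literal that is AES-CBC-decrypted and then executed, with a socket for command and control) can be triaged statically without running the script. The following is an added example, not code from the article, from Prodaft or from the malware itself; the indicator names, the length threshold and the constructed sample script are assumptions for illustration.

```python
import ast
import base64
import re

# Assumed threshold: encoded payload literals are far longer than ordinary strings.
MIN_BLOB_LEN = 64
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def triage(source: str) -> dict:
    """Statically score a Python script for the Anubis-style loader shape.

    Walks the AST and flags: a long base64-looking string literal, use of
    AES in CBC mode, a call to exec()/eval(), and an import of socket.
    """
    hits = {"b64_blob": False, "aes_cbc": False, "exec_call": False, "socket": False}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            s = node.value.strip()
            if len(s) >= MIN_BLOB_LEN and len(s) % 4 == 0 and B64_RE.match(s):
                hits["b64_blob"] = True
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in ("exec", "eval"):
                hits["exec_call"] = True
        elif isinstance(node, ast.Attribute) and node.attr == "MODE_CBC":
            hits["aes_cbc"] = True
        elif isinstance(node, ast.Import):
            if any(alias.name == "socket" for alias in node.names):
                hits["socket"] = True
        elif isinstance(node, ast.ImportFrom) and node.module == "socket":
            hits["socket"] = True
    hits["score"] = sum(hits.values())  # number of indicators present (0-4)
    return hits


# Constructed sample with the shape the report describes; the wrapped
# "payload" is a harmless print statement, not real malware.
_INNER = base64.b64encode(b"print('constructed stage')" * 4).decode()
SAMPLE = f'''
import base64, socket
from Crypto.Cipher import AES
blob = "{_INNER}"
cipher = AES.new(b"0123456789abcdef", AES.MODE_CBC, iv=b"A" * 16)
exec(cipher.decrypt(base64.b64decode(blob)))
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A score of 4 on the constructed sample is a triage signal for an analyst, not proof of compromise; a benign script that only imports socket or only embeds a long literal scores 1.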
3. Implications and Strategic Risks
The Anubis backdoor presents significant risks to national security and economic interests. Its ability to remain undetected poses a threat to enterprises, particularly in the restaurant, gambling, and hospitality industries. The malware’s adaptability and the threat actor’s focus on financial gain increase the potential for widespread cybercrime and economic disruption.
4. Recommendations and Outlook
Recommendations:
- Enhance cybersecurity measures by deploying advanced threat detection and response solutions.
- Conduct regular security audits and employee training to recognize and mitigate phishing attempts.
- Implement stricter access controls and monitoring on SharePoint and other collaborative platforms.
Outlook:
In a best-case scenario, increased awareness and improved cybersecurity measures will mitigate the impact of the Anubis backdoor. In a worst-case scenario, the malware could lead to significant financial losses and operational disruptions across targeted industries. The most likely outcome involves continued refinement of the malware by the threat actor, necessitating ongoing vigilance and adaptation by cybersecurity professionals.
5. Key Individuals and Entities
The report mentions the following significant individuals and entities:
- FIN7
- Savage Ladybug
- Prodaft