Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor www.gdatasoftware.com/blog/2025…
In the ever-evolving landscape of advanced persistent threats (APTs), the notorious financial cybercrime group FIN7 has added another sophisticated tool to their arsenal. We have recently discovered a new Python-based backdoor, called “AnubisBackdoor”, being deployed in their latest campaigns.
FIN7, active since at least 2015, has established itself as one of the most technically sophisticated criminal groups, primarily targeting the financial and hospitality sectors. Known for their custom malware development capabilities and innovative social engineering tactics, FIN7 has historically caused billions in damages globally.
FIN7 employs a multi-layered approach in their operations. The malware combines legitimate programming techniques to mask its malicious intent, which makes static analysis more difficult for malware analysts.
FIN7’s implementation demonstrates their continued evolution from earlier campaigns. By using Python, a legitimate scripting language found in many environments, the group creates a backdoor that blends in with normal system operations. The combination of encryption, obfuscation, and anti-forensic techniques shows a deep understanding of modern security controls and how to bypass them.