New advanced FIN7 Anubis backdoor lets attackers gain full system control on Windows
The Russian cybercrime group FIN7 (also known as Savage Ladybug or Carbanak) has developed a new Python-based backdoor called Anubis that gives its operators complete remote control over infected Windows systems. The malware is distributed as a ZIP package containing Python scripts and executables, and it uses AES-CBC encryption combined with base64 encoding to obscure its payloads and activity. According to the cybersecurity firm PRODAFT, Anubis relies on obfuscation techniques to evade detection by most antivirus solutions and is delivered primarily through phishing campaigns that use compromised SharePoint sites. The backdoor communicates with its operators over TCP sockets and supports numerous malicious capabilities, including executing shell commands, keylogging, transferring files, modifying the registry, and loading DLLs into memory. The threat represents a significant security risk to enterprise environments, with the campaign so far targeting primarily the restaurant, gambling, and hospitality industries in the United States.
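Because the report describes the backdoor as Python scripts that carry AES-CBC-encrypted, base64-encoded payloads, one triage check a defender can run over a suspicious script is to look for long base64 runs that decode to high-entropy bytes (plain text and most configuration data score well below 7 bits per byte; ciphertext scores close to 8). The following example is added here and is not code from the original article or from PRODAFT; the sample scripts, the seed used to build a stand-in ciphertext, and the entropy threshold are all constructed for illustration, and the heuristic is generic rather than a signature for Anubis.

```python
import base64
import hashlib
import math
import re
from typing import Dict, List

# Candidate base64 runs: at least 88 characters (roughly 64 decoded bytes), optional padding.
_B64_RUN = re.compile(r"[A-Za-z0-9+/]{88,}={0,2}")

# Context keywords that make an encoded blob more interesting; reported as hints only,
# the decision rests on the entropy of the decoded bytes.
_CONTEXT_HINTS = ("AES", "MODE_CBC", "b64decode", "socket", "ctypes")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def find_suspicious_blobs(script_text: str, min_decoded_len: int = 64,
                          entropy_threshold: float = 7.0) -> List[Dict]:
    """Return one finding per base64 run that decodes to high-entropy data."""
    findings: List[Dict] = []
    for match in _B64_RUN.finditer(script_text):
        token = match.group(0)
        try:
            decoded = base64.b64decode(token, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if len(decoded) < min_decoded_len:
            continue
        entropy = shannon_entropy(decoded)
        if entropy >= entropy_threshold:
            hints = [h for h in _CONTEXT_HINTS if h in script_text]
            findings.append({
                "offset": match.start(),
                "decoded_len": len(decoded),
                "entropy": round(entropy, 2),
                "context_hints": hints,
            })
    return findings


def _constructed_ciphertext(n_blocks: int = 32) -> bytes:
    """Deterministic high-entropy bytes standing in for an AES-CBC ciphertext.

    Constructed for the example from chained SHA-256 digests; not malware output."""
    return b"".join(hashlib.sha256(b"constructed-seed" + bytes([i])).digest()
                    for i in range(n_blocks))


# Constructed sample: a loader-like script with an embedded encrypted blob.
SUSPECT_SCRIPT = (
    "import base64, socket\n"
    "from Crypto.Cipher import AES\n"
    'blob = "' + base64.b64encode(_constructed_ciphertext()).decode() + '"\n'
    "cipher = AES.new(key, AES.MODE_CBC, iv)\n"
)

# Constructed sample: a script that merely embeds base64-encoded readable text.
BENIGN_SCRIPT = (
    "import base64\n"
    'LICENSE = "' + base64.b64encode(
        b"Copyright notice: permission is hereby granted, free of charge, "
        b"to any person obtaining a copy of this software.").decode() + '"\n'
)


if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_SCRIPT), ("benign", BENIGN_SCRIPT)):
        print(name, find_suspicious_blobs(text))
```

The entropy threshold and minimum length are tunable; a compressed resource also decodes to high-entropy bytes, so findings are leads for an analyst to inspect, not verdicts. Running the script prints one finding for the constructed suspect sample (decoded length 1024, entropy close to 8, with the AES, MODE_CBC and socket hints) and none for the benign sample.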