April 2, 2025 By Pierluigi Paganini
The FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems.
The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system operations while using obfuscation to evade detection. Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk.
“The malware is distributed as a ZIP package, which includes a single Python script alongside multiple Python executables. Some variants execute the obfuscated payload immediately after writing it to disk, while others load the payload and call a specific function from it,” reads the report published by cybersecurity firm PRODAFT. “This variability in execution methods demonstrates the malware’s adaptability and the threat actor’s efforts to diversify their delivery mechanisms for different operational scenarios.”
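As an added triage example (not code from the PRODAFT report or from the FIN7 tooling), the script below inspects a ZIP archive for the layout described above, a single Python script packaged beside several executables, and flags scripts that write a file to disk and then execute or load code from it. The extension list, regexes and the "at least two executables" threshold are assumptions for illustration, not signatures from the report, and the sample archive is constructed inline.

```python
"""Triage helper for the ZIP-delivered loader pattern described in the article.
Added example; heuristics below are assumptions, not PRODAFT signatures."""
import io
import re
import zipfile

EXEC_EXT = (".exe", ".dll", ".pyd")  # assumed: what counts as a bundled executable
# Assumed indicators of "write payload to disk, then run it" or "load it and call into it".
WRITE_RE = re.compile(r"\bopen\([^)]*['\"]w[b]?['\"]")
RUN_RE = re.compile(
    r"\b(exec|subprocess\.(run|Popen|call)|os\.system|importlib\.import_module|__import__)\("
)

def triage_zip(data: bytes) -> dict:
    """Return the archive layout plus a verdict for a ZIP given as raw bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        scripts = [n for n in names if n.lower().endswith(".py")]
        executables = [n for n in names if n.lower().endswith(EXEC_EXT)]
        findings = []
        for script in scripts:
            src = zf.read(script).decode("utf-8", errors="replace")
            if WRITE_RE.search(src) and RUN_RE.search(src):
                findings.append(f"{script}: writes a file and then executes/loads code")
    # Assumed threshold: one script, several executables, and a write-then-run pattern.
    suspicious = len(scripts) == 1 and len(executables) >= 2 and bool(findings)
    return {"scripts": scripts, "executables": executables,
            "findings": findings, "suspicious": suspicious}

def build_sample() -> bytes:
    """Constructed sample mimicking the described layout; contents are placeholders."""
    loader = (
        "import subprocess\n"
        "blob = b'...'  # placeholder standing in for an obfuscated payload\n"
        "with open('stage.py', 'wb') as f:\n"
        "    f.write(blob)\n"
        "subprocess.run(['python.exe', 'stage.py'])\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("run.py", loader)
        zf.writestr("python.exe", b"MZ-placeholder")   # constructed stand-in
        zf.writestr("python3.dll", b"MZ-placeholder")  # constructed stand-in
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_zip(build_sample()))
```

Point `triage_zip` at a real archive's bytes during incident triage; a hit is a prompt for sandbox analysis, not a conviction on its own.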