‘Anatsa’ Android banking trojan surfaced in the US & UK


Online security threats are constant. The latest one comes in the form of the ‘Anatsa’ Android banking trojan that appeared in several countries. It is trying to steal banking data from customers in the US, the UK, Germany, Austria, and Switzerland.

‘Anatsa’ Android banking trojan is back, as it surfaced in five countries

Security researchers over at ThreatFabric have been tracking this malware. It has been distributed via the Google Play Store, and apps containing it got installed over 30,000 times. Google has confirmed that all apps have been removed from the Play Store.

Still, if you have them installed on your device, those apps can still do damage. Before we get to the apps themselves, note that this banking trojan is not new. ThreatFabric first stumbled upon it back in November 2021, when it was found in apps that had been installed over 300,000 times.

The apps are once again masquerading as office/productivity applications

This new campaign started in March this year. The infected apps are still in the office/productivity category, as was the case before. They’re acting as PDF viewers, editors, and so on.

All apps carrying this malware are initially uploaded to the Play Store clean, and the malicious code is added after the fact, through a later update. Once updated, the apps fetch an external resource hosted on GitHub, from which the Anatsa payloads are downloaded. Samples are shown below.

[Image: Anatsa payloads, June 2023]

Anatsa collects financial information from its victims: bank account credentials, credit card details, payment information, and so on. It does that by overlaying phishing pages on top of a legitimate banking app when you try to log in, so the fake login screen appears in the foreground. It also uses keylogging.

This malware, in its current version, supports around 600 financial apps

Anatsa, in its current version, supports around 600 financial apps from banking institutions all over the world. That means it can imitate practically any well-known banking app used in the listed countries.

Once it has all the information it needs, it attempts to launch the banking apps on your phone and perform transactions on your behalf, thereby stealing money from you. “Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that it is very challenging for banking anti-fraud systems to detect it”, says ThreatFabric.

Below, you can see a list of the malicious apps carrying the Anatsa banking trojan. Once again, all of them have been removed from the Google Play Store.

[Image: Anatsa droppers, June 2023]

2023-06-27 15:22:03