[ad_1]
Smartphone users in the U.S., U.K., Germany, Austria, and Switzerland are under attack by an Android trojan called ‘Anatsa’ which targets online banking customers in those countries. Trojan malware uses apps that hide their true intentions and once they get downloaded on your phone, the true nature of these apps becomes known similar to the story about the Trojan Horse.
The latest Anatsa campaign started this March with the goal of creating fraudulent banking transactions
Once the app was reported to Google, it was removed from the Play Store. But a month later, the attackers added another app to the Play Store, this time a PDF viewer app, and once again a payload was downloaded to the app disguised as an add-on.
How the fraud cycle works with the Anatsa trojan
And once again, the dropper app was reported to Google and removed from the Play Store. Three more droppers were discovered in the Play Store last month and this month. It takes a couple of days to a couple of weeks for these malicious apps to be listed in the Play Store and as of this moment, there is an Anatsa dropper still listed in Google’s Android app storefront.
Once a device is infected, the trojan can collect sensitive information including credentials, credit card details, balance, and payment information. This data is used by the attackers to create transactions using the victim’s bank account. Since these transactions use the same devices that the targeted bank customers usually use, it is hard for anti-fraud systems to spot illegal transactions.
Make sure that you do not have any of these five apps on your Android phone
Back in 2021, ThreatFabric discovered a previous Anatsa campaign on Google Play when the trojan was installed over 300,000 times by apps pretending to be PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps.
The latest Anatsa droppers (and their package names) include these five apps that were, at one time, available from the Google Play Store. The titles are:
PDF Reader – Edit & View PDF-lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
PDF Reader & Editor-com.proderstarler.pdfsignature
PDF Reader & Editor-moh.filemanagerrespdf
All Document Reader & Editor-com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
All Document Reader and Viewer-com.muchlensoka.pdfcreator
One of the Anatsa dropper apps
Even if they have been kicked out of the Play Store, should they still be installed on your phone, they can do damage. And remember, these are banking trojans that are looking to drain your bank accounts. So if you have any of these five on your Android handset, delete them immediately if not faster. And make it a point to check out your bank balance perhaps as much as several times a day to make sure that nothing funny is going on.
[ad_2]
Source link