Security News > 2023 > June > Anatsa Android trojan now steals banking info from users in US, UK
ThreatFabric discovered a previous Anatsa campaign on Google Play in November 2021, when the trojan was installed over 300,000 times by impersonating PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps.
In March 2023, after a six-month hiatus in malware distribution, the threat actors launched a new malvertizing campaign that leads prospective victims to download Anatsa dropper apps from Google Play.
In its current version, the Anatsa trojan supports targeting nearly 600 financial apps of banking institutions from around the world.
Anatsa uses the stolen information to perform on-device fraud by launching the banking app and performing transactions on the victim's behalf, automating the money-stealing process for its operators.
As malware campaigns, such as Anatsa, expand their targeting to other countries, users must be extra vigilant about the apps they install on Android devices.
As many apps on Google Play have the same name as the malicious apps, it is recommended to check the ThreatFabric report's appendix for the list of package names and signatures that are pushing Anatsa and remove them immediately from your Android device if installed.
News URL
Related news
- Chameleon Android Banking Trojan Targets Users Through Fake CRM App (source)
- Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (source)
- TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (source)
- New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities (source)
- New Android Trojan "BlankBot" Targets Turkish Users' Financial Data (source)
- Hackers steal banking creds from iOS, Android users via PWA apps (source)
- Cyber crooks shut down UK, US schools, thousands of kids affected (source)