Security News > 2023 > June > Anatsa Android trojan now steals banking info from users in US, UK
ThreatFabric discovered a previous Anatsa campaign on Google Play in November 2021, when the trojan was installed over 300,000 times by impersonating PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps.
In March 2023, after a six-month hiatus in malware distribution, the threat actors launched a new malvertizing campaign that leads prospective victims to download Anatsa dropper apps from Google Play.
In its current version, the Anatsa trojan supports targeting nearly 600 financial apps of banking institutions from around the world.
Anatsa uses the stolen information to perform on-device fraud by launching the banking app and performing transactions on the victim's behalf, automating the money-stealing process for its operators.
As malware campaigns, such as Anatsa, expand their targeting to other countries, users must be extra vigilant about the apps they install on Android devices.
As many apps on Google Play have the same name as the malicious apps, it is recommended to check the ThreatFabric report's appendix for the list of package names and signatures that are pushing Anatsa and remove them immediately from your Android device if installed.
News URL
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)