Beware! Anatsa Android Trojan is Now Stealing Banking information

Onsa MustafaLast Updated: Jun 27, 2023
Anatsa Android Trojan

A new mobile malware campaign Anatsa Android Trojan is stealing banking information from online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland. According to security researchers at ThreatFabric, the attackers are distributing their malware via the Play Store and already have over 30,000 installations via this method alone.

ThreatFabric discovered a previous Anatsa campaign on Google Play in November 2021, when the trojan was installed over 300,000 times by impersonating PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps.

Beware! Anatsa Android Trojan is Now Stealing Banking information

In March 2023, after a six-month break in malware distribution, the threat actors launched a new campaign that leads prospective victims to download Anatsa dropper apps from Google Play. The malicious apps continue to belong to the office/productivity category, posing as PDF viewer and editor apps and office suites.

Check Also: NSA Shares Tips to Defend BlackLotus UEFI Malware Attacks

Whenever ThreatFabric reported the malicious app to Google and it was removed from the store. The attackers returned quickly by uploading a new dropper under a new mask.

Once installed on the victim’s device, the dropper apps request an external resource hosted on GitHub, from where they download the Anatsa payloads masqueraded as text recognizer add-ons for Adobe Illustrator.

Anatsa collects financial information such as bank account credentials, credit card details, payment information, etc.

In its current version, the Anatsa trojan supports targeting nearly 600 financial apps of banking institutions from around the world.

The stolen amounts are converted to cryptocurrency. It passed through an extensive network of money mules in the targeted countries. They keep a portion of the stolen funds as a revenue share and send the rest to the attackers.

As malware campaigns, such as Anatsa, expand their targeting to other countries. So users should be more cautioned while installing any app on Android devices. Users should avoid installing apps from dubious publishers. Furthermore, if possible, avoid apps with few installs and reviews and instead install apps that are well-known and commonly cited on websites.

See Also: Trojanized Super Mario Bros Game Spreads Serious Malware

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Onsa MustafaLast Updated: Jun 27, 2023
Photo of Onsa Mustafa

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>