Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids.
Understanding the Anatsa banking trojan
This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.
MORE: ANDROID SECRET TIP: HOW TO MAKE YOUR PHONE SHOW A SPLIT SCREEN
How Anatsa cybercriminals evade Google’s security checks
The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks.
How Anatsa steals and launders money
Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules.
Beware of these malicious PDF and document apps on Android
Security pros at ThreatFabric found that the hackers are using Anatsa to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions. ThreatFabric identified five malicious apps that the bad guys are using to drain bank accounts:
- PDF Reader – Edit & View PDF -lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
- PDF Reader & Editor – com.proderstarler.pdfsignature
- PDF Reader & Editor – moh.filemanagerrespdf
- All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
- All Document Reader and Viewer – com.muchlensoka.pdfcreator
MORE: HOW TO TELL IF SOMEONE IS SNOOPING ON YOUR ANDROID
All of these identified malicious apps have been removed from Google Play and the developers have been banned. Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services. If for some reason you still see these apps on your phone, be sure to manually uninstall them.
How to uninstall apps on Android
Settings may vary depending on your Android phone’s manufacturer
- Open the Settings app
- Scroll down and select Apps
- Tap on the app you want to delete and select Uninstall
- Confirm your choice by tapping OK or Uninstall again
What Google is doing to stop Anatsa and why it may not be enough
As mentioned earlier, all identified malicious apps have been removed from Google Play, and the developers have been banned. Google took action after being notified by ThreatFabric. Plus, Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.
Have strong antivirus software on all your devices
Special for CyberGuy Readers:
Remember, the bad guys behind Anatsa and similar malware perpetrators are pretty quick. They keep infecting new apps with this banking trojan, so always keep an eye out by using these tools.
FOR MORE OF MY SECURITY ALERTS LIKE THIS ONE, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
MORE: HOW TO CHANGE YOUR PRIVACY SETTINGS ON YOUR ANDROID DEVICES
Strengthening your Android’s armor
So how else can you keep your phone safe from these cyber pests? Think twice before installing a new app. Do you really need it? If you’re unsure, check reviews and ratings. Video reviews can be super helpful as they show the app in action and are harder to fake.
Kurt’s key takeaways
We live in a digital age where our lives revolve around our Android smartphones. These devices are incredible tools yet can also be potential targets for threats like the Anatsa banking trojan. By staying informed, keeping a watchful eye on your apps, and following a few key security practices, you can ensure you’re not making it easy for the bad guys.
What steps will you take to protect your Android smartphone and keep your hard-earned money safe? Are you considering any extra precautions to bolster your defenses against threats like Anatsa? Let us know by commenting below.
FOR MORE OF MY SECURITY ALERTS LIKE THIS ONE, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE