Android users at risk as banking trojan targets more apps

Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids.

 

 

Understanding the Anatsa banking trojan

This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.

Credit: ThreatFabric

 


 

How Anatsa cybercriminals evade Google’s security checks

The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks.

 

How Anatsa steals and launders money

Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules.

 

Beware of these malicious PDF and document apps on Android

Security pros at ThreatFabric found that the hackers are using Anatsa to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions. ThreatFabric identified five malicious apps that the bad guys are using to drain bank accounts:

  • PDF Reader – Edit & View PDF – lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
  • PDF Reader & Editor – com.proderstarler.pdfsignature
  • PDF Reader & Editor – moh.filemanagerrespdf
  • All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
  • All Document Reader and Viewer – com.muchlensoka.pdfcreator


All of these identified malicious apps have been removed from Google Play and the developers have been banned. Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services. If for some reason you still see these apps on your phone, be sure to manually uninstall them.

 

How to uninstall apps on Android

Settings may vary depending on your Android phone’s manufacturer:

  • Open the Settings app
  • Scroll down and select Apps
  • Tap on the app you want to delete and select Uninstall
  • Confirm your choice by tapping OK or Uninstall again
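
If you're comfortable with a command line, you can also check a phone for the five package IDs listed above. This script is an added example, not code from ThreatFabric or Google; it assumes `adb` is installed and USB debugging is enabled, and the sample package listing inside it is constructed for illustration.

```shell
#!/bin/sh
# Added example: check a device's package list for the five app IDs named above.

# Package IDs exactly as listed in the article (credited there to ThreatFabric).
ANATSA_PACKAGES='lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
com.proderstarler.pdfsignature
moh.filemanagerrespdf
com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
com.muchlensoka.pdfcreator'

# Constructed sample of `pm list packages` output (not from a real device).
# Two entries are look-alikes that must NOT be flagged.
SAMPLE_LISTING='package:com.android.chrome
package:com.muchlensoka.pdfcreator
package:com.example.pdfcreator
package:moh.filemanagerrespdf.extra
package:com.proderstarler.pdfsignature'

# Read `pm list packages` output on stdin; print each listed ID that is installed.
find_anatsa() {
    tr -d '\r' |                    # adb output can carry CRLF line endings
        sed -n 's/^package://p' |   # keep only package lines, drop the prefix
        grep -Fx -- "$ANATSA_PACKAGES" || true   # -F literal, -x whole-line match
}

# Print findings plus the matching adb uninstall command; return 1 if any hit.
report() {
    hits=$(find_anatsa)
    if [ -z "$hits" ]; then
        echo "No listed Anatsa dropper packages found."
        return 0
    fi
    echo "$hits" | while IFS= read -r pkg; do
        echo "FOUND: $pkg  (remove with: adb uninstall $pkg)"
    done
    return 1
}

# --device reads from a connected phone; the default run uses the sample above.
if [ "${1:-}" = "--device" ]; then
    adb shell pm list packages | report
else
    printf '%s\n' "$SAMPLE_LISTING" | report || true
fi
```

The whole-line match matters: an unrelated app whose ID merely starts with or resembles one of the listed names is not flagged.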

 

What Google is doing to stop Anatsa and why it may not be enough

As mentioned earlier, all identified malicious apps have been removed from Google Play, and the developers have been banned. Google took action after being notified by ThreatFabric. Plus, Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.

 

Have strong antivirus software on all your devices


Remember, the bad guys behind Anatsa and similar malware are pretty quick. They keep infecting new apps with this banking trojan, so always keep an eye out by using strong antivirus software.

 


 


 

Strengthening your Android’s armor

So how else can you keep your phone safe from these cyber pests? Think twice before installing a new app. Do you really need it? If you’re unsure, check reviews and ratings. Video reviews can be super helpful as they show the app in action and are harder to fake.

 

Kurt’s key takeaways

We live in a digital age where our lives revolve around our Android smartphones. These devices are incredible tools yet can also be potential targets for threats like the Anatsa banking trojan. By staying informed, keeping a watchful eye on your apps, and following a few key security practices, you can ensure you’re not making it easy for the bad guys.

What steps will you take to protect your Android smartphone and keep your hard-earned money safe? Are you considering any extra precautions to bolster your defenses against threats like Anatsa? Let us know by commenting below.
