Since March 2023, a new wave of mobile malware has been spreading the Android banking trojan named “Anatsa” among online banking customers in the US, UK, Germany, Austria and Switzerland.
Anatsa, the Android trojan that steals banking information
According to ThreatFabric security researchers, attackers are spreading the malware through the Play Store, and this method alone has already accounted for over 30,000 installations. As early as November 2021, it had over 300,000 downloads, posing as PDF scanners, QR code scanners, Adobe Illustrator apps and fitness tracking apps.
After a six-month hiatus in spreading malware, threat actors launched a new malvertising campaign in March 2023, directing potential victims to download Anatsa dropper apps directly from Google Play.
Whenever ThreatFabric reported one of these malicious apps to Google and it was removed from the store, the attackers uploaded a new one under a new identity. In all five cases of malware droppers identified, the hackers submitted clean apps to Google Play and only later updated them with malicious code.
Anatsa is able to collect sensitive financial information such as bank account credentials, credit card details and payment information. In its current version, the Anatsa trojan can target nearly 600 financial apps from banking institutions worldwide.
How to protect yourself
Since malware attacks like Anatsa are spreading to new countries, it is essential to avoid installing apps from suspicious publishers, even if these apps are found on reputable stores like Google Play. Check the reviews and see if there are any reports of malicious behavior.
In the appendix of the ThreatFabric report, you will find a list of package names and signatures associated with Anatsa. You can use it to check any dubious apps you are not sure about.
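One way to run that comparison against a device's installed apps, as an added example that is not part of the original article or the ThreatFabric report. It assumes the report's signatures are SHA-256 hashes of the APK files; the package names, hashes and `pm list packages` output below are constructed placeholders, to be replaced with the appendix entries and your own device output.

```python
import re

# Constructed placeholders, not real indicators: substitute the appendix entries.
IOC_PACKAGES = {"com.example.placeholder.pdfreader"}
IOC_SHA256 = {"AB:" * 31 + "AB"}  # lists often use colon-separated upper-case hex

# Constructed sample of `adb shell pm list packages -f -3` output.
SAMPLE_PM_OUTPUT = """\
package:/data/app/~~Qx1a==/com.example.placeholder.pdfreader-Zk9==/base.apk=com.example.placeholder.pdfreader
package:/data/app/~~Lm2b==/org.example.notes-Pq7==/base.apk=org.example.notes
package:org.example.weather
"""
# Constructed: SHA-256 of each pulled APK, e.g. from `sha256sum base.apk`.
SAMPLE_APK_HASHES = {"org.example.notes": "ab" * 32}

def parse_pm_list(text):
    """Map package name -> APK path from `pm list packages [-f]` output."""
    apps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        body = line[len("package:"):]
        # With -f the line is <path>=<name>; install paths can contain '=',
        # so split on the last one. Without -f there is only the name.
        path, sep, name = body.rpartition("=")
        apps[name if sep else body] = path
    return apps

def normalize_sha256(value):
    """Lower-case hex without separators; reject anything that is not 32 bytes."""
    digest = re.sub(r"[:\s]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError(f"not a SHA-256 digest: {value!r}")
    return digest

def find_matches(pm_output, apk_hashes, ioc_packages, ioc_hashes):
    """Return (package, reason) pairs for apps matching either indicator list."""
    bad_hashes = {normalize_sha256(h) for h in ioc_hashes}
    hits = []
    for name in sorted(parse_pm_list(pm_output)):
        if name in ioc_packages:
            hits.append((name, "package name"))
        digest = apk_hashes.get(name)
        if digest and normalize_sha256(digest) in bad_hashes:
            hits.append((name, "apk sha256"))
    return hits

if __name__ == "__main__":
    for package, reason in find_matches(SAMPLE_PM_OUTPUT, SAMPLE_APK_HASHES,
                                        IOC_PACKAGES, IOC_SHA256):
        print(f"MATCH {package} ({reason})")
```

Because the attackers re-upload droppers under new identities after each takedown, an empty result only means no known indicator matched.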