This evil Android trojan is targeting hundreds of banking apps to spread money-stealing malware

(Image credit: senengmotret / Shutterstock.com)

Banking Trojan Anatsa is behind multiple confirmed fraud cases from Android apps sold on the Google Play Store, according to cybersecurity company ThreatFabric.

With over 30,000 installations, ThreatFabric says that the campaign’s target list contains almost 600 financial applications from all over the world, and its most recent attacks have been centered around the US, the US, Germany, Austria, and Switzerland.

By stealing credentials used to authenticate mobile banking customers and then performing Device-Takeover Fraud, the threat actor has been carrying out fraudulent transactions since Anatsa’s discovery in 2020.

Watch out for this mobile banking malware

Based on the number of targeted applications per country, the US tops the charts. Italy, Germany, the UK, and France round off the top five, and the UAE, Switzerland, South Korea, Australia, and Sweden complete the top 10.

> These are the best firewalls to stay protected online

> Researchers claim malware is rife on the Google Play Store

> This new malware is proving quite popular... and dangerous

In less than a year, ThreatFabric has added a further 90 applications that have been targeted to spread the money-stealing malware, but don’t be fooled: you don’t need to be downloading a banking app to be affected.

Because people typically have their guard up when it comes to online banking, many of the malware droppers identified by the cybersecurity researchers have posed as PDF viewers. Having informed the Play Store of its findings, ThreatFabric found Google quick to react, but the threat actors just as quick to republish apps of a similar nature.

Sensitive information like credentials, credit card details, balance, and payment information is collected from the infected device. The threat actor then goes on to exfiltrate money through cryptocurrencies and local mules in a Device Takeover attack, which has so far proven challenging for banking anti-fraud systems to catch.

Referring to an evolving threat landscape that baking institutions are having to deal with, Internet users are being urged to remain vigilant when it comes to sharing details with third parties online, including following ads to download apps and content.

A Google spokesperson has confirmed to TechRadar Pro in an email:

"All of these identified malicious apps have been removed from Google Play and the developers have been banned. Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services."

Potential victims should consider using identity theft protection software

TOPICS

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!