Smartphone users in the US, UK, Germany, Austria and Switzerland are being attacked by an Android trojan called “Anatsa”, which targets online banking customers in those countries. Trojan malware arrives in apps that hide their true intentions; like the Trojan horse of the story, their real nature becomes apparent only once they have been downloaded onto your phone.
Anatsa’s latest campaign began in March with the aim of creating fraudulent bank transactions.
Once the app was reported to Google, it was removed from the Play Store. But a month later, the attackers added another app to the Play Store, this time a PDF viewer app, and once again a payload was downloaded into the app disguised as an add-on.
![How Anatsa trojan fraud cycle works - Android banking trojan wants to drain your online bank account; delete these five apps now!](https://dominatorsoft.com/wp-content/uploads/2023/06/Android-banking-trojan-wants-to-drain-your-online-bank-account.jpg)
How the fraud cycle works with the Anatsa trojan
And once again, the dropper app has been reported to Google and removed from the Play Store. Three more droppers were discovered in the Play Store last month and this month. It takes a couple of days to a couple of weeks for these malicious apps to be listed in the Play Store, and as of right now, there is still an Anatsa dropper listed in Google’s Android app storefront.
Once a device is infected, the trojan can collect sensitive information including credentials, credit card details, balance and payment information. This data is used by the attackers to create transactions using the victim’s bank account. Since these transactions use the same devices typically used by the targeted bank’s customers, it is difficult for anti-fraud systems to detect illegal transactions.
Make sure you don’t have any of these five apps on your Android phone
In 2021, ThreatFabric discovered a previous Anatsa campaign on Google Play when the trojan was installed over 300,000 times by apps posing as PDF scanners, QR code scanners, Adobe Illustrator apps and fitness tracker apps.
Anatsa’s latest droppers (and their package names) include these five apps that were, at one time, available from the Google Play Store. The titles are:
PDF Reader – Edit & View PDF: lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
PDF Reader & Editor: com.proderstarler.pdfsignature
PDF Reader & Editor: moh.filemanagerrespdf
All Document Reader & Editor: com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
All document readers and viewers: com.muchlensoka.pdfcreator
![One of the dropper apps Anatsa: Android banking trojan wants to drain your online bank account; delete these five apps now!](https://dominatorsoft.com/wp-content/uploads/2023/06/1687837002_357_Android-banking-trojan-wants-to-drain-your-online-bank-account.jpg)
One of Anatsa’s dropper apps
Even if they have been kicked out of the Play Store, these apps can still cause harm if they remain installed on your phone. And remember, these are banking trojans that are trying to drain your bank accounts. So, if you have any of these five on your Android phone, delete them immediately if not faster. And try to check your bank balance maybe several times a day to make sure nothing funny is going on.
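For readers who have adb set up, here is an added example (not part of the original article) that checks a connected phone for the five package names listed above. It assumes USB debugging is enabled; the script name `check_anatsa.sh` and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: look for the five Anatsa dropper packages on a phone via adb.

# Package names copied from the list in this article, one per line.
ANATSA_DROPPERS='lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
com.proderstarler.pdfsignature
moh.filemanagerrespdf
com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
com.muchlensoka.pdfcreator'

# Reads `pm list packages` output on stdin (one "package:<name>" per line)
# and prints the dropper packages found. Exit status 0 means at least one hit.
# -F treats the dots literally and -x requires a whole-name match, so a
# lookalike such as "com.muchlensoka.pdfcreator.pro" is not reported.
find_anatsa_droppers() {
    tr -d '\r' | sed -n 's/^package://p' | grep -Fx -e "$ANATSA_DROPPERS"
}

# Queries the connected device. Returns 0 = clean, 1 = dropper found,
# 2 = adb could not list packages (no result is better than a false "clean").
scan_device() {
    pkg_list=$(adb shell pm list packages) || {
        echo 'adb could not list packages; is the phone connected?' >&2
        return 2
    }
    if hits=$(printf '%s\n' "$pkg_list" | find_anatsa_droppers); then
        printf '%s\n' "$hits" | sed 's/^/Anatsa dropper installed: /'
        echo 'Remove each one with: adb uninstall <package name>'
        return 1
    fi
    echo 'None of the five listed droppers are installed.'
}

# Only touch a device when explicitly asked: sh check_anatsa.sh --device
if [ "${1:-}" = "--device" ]; then
    scan_device
fi
```

A clean result only covers these five package names; droppers published under other names will not be flagged.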
Image Source : www.phonearena.com