As reported by Bleeping Computer, the banking Trojan Anatsa is running rampant on smartphones in Europe. We’ve seen Anatsa plaguing smartphones in the past as well, but this particular Anatsa campaign has targeted the UK, Germany, Spain, Slovakia, Slovenia, and the Czech Republic, and was first detected in November by researchers at ThreatFabric.
Anatsa has since infected at least 150,000 smartphones, but researchers estimate that number could reach 200,000. The bad actors behind the malware droppers (apps designed to deliver malware) have also gotten smarter, putting their malicious software into apps designed to appear in the top three of the Play Store’s “Top New Free” category. When an app appears there, more users may be tempted to try it out, potentially increasing the number of victims infected with the malware.
How does Anatsa work?
When you install an Anatsa app on your smartphone, it abuses Android’s accessibility services. This feature is designed to make Android more accessible to the widest range of users, regardless of ability, but it also allows malicious software to be installed in the background without your knowledge. As a result, it has become an entry point for many types of malware.
Google cracks down on this kind of accessibility service abuse, but malware finds a way. This time, the Anatsa apps were able to slip through by offering a bogus “battery-draining hibernated apps” feature. End users think they are enabling the ability to put particular apps to sleep in the background, but they are actually giving the Anatsa app permission to use accessibility services.
Once you enable accessibility services for the app, it downloads the malicious code in specific pieces rather than all at once, to make it less noticeable. If an app pulled in all the malicious code at once, Android might notice and terminate the process. The dropper then downloads a file containing malicious code that is used to install the actual malware on your device. From there, the app downloads a file containing a link to the malware. Finally, the malware is downloaded to your phone and launched.
Anatsa is a banking Trojan, meaning it is designed to steal banking information, including bank login details. Malicious actors can use this data to steal money or personal information, making this a particularly nasty form of malware.
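Since the infection chain above depends on the user granting accessibility access, one defensive check is to list which user-installed apps currently hold an enabled accessibility service. The following is an added example, not from the original article; it assumes a device reachable over adb, and the package names in the sample data are hypothetical.

```python
import subprocess

def parse_enabled_services(setting_value):
    """Parse `settings get secure enabled_accessibility_services` output.

    The value is a colon-separated list of package/class components;
    an unset value is printed as the literal string "null".
    """
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for component in value.split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            # A class name starting with "." is relative to the package.
            services.append((package, package + cls if cls.startswith(".") else cls))
    return services

def parse_third_party(pm_output):
    """Parse `pm list packages -3` output (lines of `package:<name>`)."""
    return {line.strip()[len("package:"):]
            for line in pm_output.splitlines()
            if line.strip().startswith("package:")}

def services_to_review(setting_value, pm_output, trusted=()):
    """Return user-installed apps that hold an enabled accessibility service."""
    third_party = parse_third_party(pm_output)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(setting_value)
            if pkg in third_party and pkg not in trusted]

def adb(*args):
    """Run an adb shell command on the connected device and return stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample data; the package names are hypothetical.
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.phonecleaner/.HibernateService\n")
SAMPLE_PACKAGES = "package:com.example.phonecleaner\npackage:com.example.notes\n"

if __name__ == "__main__":
    # With a device attached, replace the samples with:
    #   adb("settings", "get", "secure", "enabled_accessibility_services")
    #   adb("pm", "list", "packages", "-3")
    for pkg, cls in services_to_review(SAMPLE_SETTING, SAMPLE_PACKAGES):
        print(f"review: {pkg} holds accessibility service {cls}")
```

A cleaner or PDF reader showing up in this list has no obvious need for accessibility access and is worth a closer look.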
Which apps contain Anatsa malware?
According to our research, 150,000 (or 200,000) downloads of Anatsa in Europe were caused by five apps:
- Phone Cleaner – File Explorer
- PDF Viewer – File Explorer
- PDF reader – viewer and editor
- Phone Cleaner: File Explorer
- PDF reader: file manager
Of course, if you recognize any of these names and have these apps installed on your device, remove them as soon as possible. Fortunately, they are no longer available for download: Google has removed them from the Play Store. However, that alone will not remove them from devices where they are already installed. So, even if you don’t live in a targeted country, make sure you’re not running these apps.
How to protect yourself from malware droppers
Malicious apps and malware droppers keep finding new ways to trick users into downloading them. However, there are some general best practices you can adopt to protect yourself in the future.
First, avoid apps that claim to improve your phone’s performance or quality, unless they’re a well-known name with a huge following. Malicious actors know that users are looking for these types of apps and design their droppers to look like them.
If you’re starting to get skeptical about one of these apps, take a closer look at its Play Store page as well. Make sure the copy is well written and free of simple spelling or grammar mistakes. Genuine apps usually take care to get these things right. Additionally, make sure the images are of high quality and really showcase what the app itself is promoting.
Finally, scroll down and check out the reviews. Check the recent and most critical reviews to see if anyone is complaining that this app has made their phone run worse. Pay attention, as some reviewers may actually call out the app for installing malware. If the reviews seem off, or if past reviews appear to be for a different app, it’s best to not bother with that app in the first place.