A team of researchers discovered five Android apps infected with Anatsa malware, which is designed to infiltrate computers and mobile devices and steal users’ sensitive financial data. Researchers claim these apps were downloaded more than 150,000 times.
Researchers at fraud detection firm ThreatFabric (via BleepingComputer) have noticed an increase in Anatsa activity since November. Total downloads are expected to increase as Anatsa is constantly launching new waves of attacks with new dropper apps.
According to reports, the Anatsa banking Trojan is currently prevalent in Europe, infecting Android devices through malware droppers (or apps) hosted on Google Play. Researchers discovered five of its campaigns aimed at delivering malware to users in the United Kingdom, Germany, Spain, Slovakia, Slovenia, and the Czech Republic.

How this malware attacks users

The report notes that each wave of attacks focuses on a specific region and uses apps created to reach Google Play’s “Top New Free” category. This placement lends the apps credibility and increases their success rate.
According to ThreatFabric, the dropper apps implement a multi-step infection process and have evolved to exploit Android accessibility services to bypass security measures in Android 13 and later. Malware operators use both PDF apps and fake cleaner apps that promise to remove unnecessary files and free up space on the device.
Google has reportedly removed all apps infected with Anatsa from the official Android store. The five malicious apps are:
Phone Cleaner – File Explorer (com.volabs.androidcleaner)
PDF Viewer – File Explorer (com.xolab.fileexplorer)
PDF Reader – Viewer and Editor (com.jumbodub.fileexplorerpdfviewer)
Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)
PDF Reader: File Manager (com.tragisoap.fileandpdfmanager)
The company also claimed that it used a lower estimate in its tally, so the actual number could be closer to 200,000.
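
For defenders checking managed devices, the following added example (not from ThreatFabric or the original article) audits the text output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services` for the five package names listed above, and flags any match that also holds an enabled accessibility service. The sample device output and the service class names in it are constructed for illustration.

```python
# Added example: match adb output against the five dropper packages named in the article.
ANATSA_DROPPERS = {
    "com.volabs.androidcleaner",
    "com.xolab.fileexplorer",
    "com.jumbodub.fileexplorerpdfviewer",
    "com.appiclouds.phonecleaner",
    "com.tragisoap.fileandpdfmanager",
}

def installed_packages(pm_output):
    """Parse `pm list packages` output: one "package:<name>" entry per line."""
    pkgs = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            pkgs.add(line[len("package:"):])
    return pkgs

def accessibility_packages(setting_value):
    """Parse enabled_accessibility_services: colon-separated
    "<package>/<service class>" components; "null" or empty means none."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, a11y_setting):
    """Return one finding per listed dropper package present on the device."""
    installed = installed_packages(pm_output)
    a11y = accessibility_packages(a11y_setting)
    return [
        {"package": pkg, "accessibility_enabled": pkg in a11y}
        for pkg in sorted(ANATSA_DROPPERS & installed)
    ]

# Constructed sample output (not captured from a real device).
SAMPLE_PM = """package:com.android.chrome
package:com.xolab.fileexplorer
package:com.example.notes
"""
SAMPLE_A11Y = "com.example.reader/.ReadAloudService:com.xolab.fileexplorer/.CleanerService"

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM, SAMPLE_A11Y):
        print(finding)
```

A match with `accessibility_enabled` set to true deserves priority, since the article describes accessibility services as the mechanism the malware abuses.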