This evil Android trojan is targeting hundreds of banking apps to spread money-stealing malware

Thousands of online banking customers targeted by money-stealing Android malware

Banking Trojan Anatsa is behind multiple confirmed fraud cases from Android apps sold on the Google Play Store, according to cybersecurity company ThreatFabric.

With over 30,000 installations, ThreatFabric says that the campaign’s target list contains almost 600 financial applications from all over the world, and its most recent attacks have been centered around the US, Germany, Austria, and Switzerland.

By stealing credentials used to authenticate mobile banking customers and then performing Device-Takeover Fraud, the threat actor has been carrying out fraudulent transactions since Anatsa’s discovery in 2020.

Watch out for this mobile banking malware

Based on the number of targeted applications per country, the US tops the charts. Italy, Germany, the UK, and France round off the top five, and the UAE, Switzerland, South Korea, Australia, and Sweden complete the top 10.

In less than a year, ThreatFabric has added a further 90 applications that have been targeted to spread the money-stealing malware, but don’t be fooled: you don’t need to be downloading a banking app to be affected.

Because people typically have their guard up when it comes to online banking, many of the malware droppers identified by the cybersecurity researchers have posed as PDF viewers. Having informed the Play Store of its findings, ThreatFabric found Google quick to react, but the threat actors just as quick to republish apps of a similar nature.

Sensitive information like credentials, credit card details, balance, and payment information is collected from the infected device. The threat actor then goes on to exfiltrate money through cryptocurrencies and local mules in a Device Takeover attack, which has so far proven challenging for banking anti-fraud systems to catch.

Referring to an evolving threat landscape that banking institutions are having to deal with, Internet users are being urged to remain vigilant when it comes to sharing details with third parties online, including following ads to download apps and content.

A Google spokesperson has confirmed to TechRadar Pro in an email:

“All of these identified malicious apps have been removed from Google Play and the developers have been banned. Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services.”

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
