Categories: Trending now

Nefarious Anatsa Android Trojan Caught Stealing Banking Information and Performing On-Device Fraud

Researchers have discovered the use of an Android banking trojan to collect the financial informational of users in several countries. The Anatsa trojan, which was previously discovered by the same security research firm two years ago, has been used via a few apps on the Play Store masquerading as productivity and office apps, with over 30,000 downloads. The malware creators publish clean apps to Google’s app store to evade detection during the initial review, then update them with malicious code. Users who have downloaded these infected applications will have to manually remove them from their smartphones.

Security firm ThreatFabric has published details of the Anatsa banking trojan that infected a few applications on the Play Store that were marketed as “office” apps (for documents and spreadsheets) and PDF viewer and editor apps. After a user installs one of the infected applications, it connects to a GitHub server to download the malware, which poses as an “add-on” for the apps — such as an optical character recognition (OCR) tool for documents and PDFs, according to the firm.

ThreatFabric’s list of some of the banking apps affected by the trojan
Photo Credit: Screenshot/ ThreatFabric

 

The banking trojan will then target nearly 600 banking apps from several countries including the Capital One and JP Morgan Mobile apps in the US, as well as banking apps from Australia, France, Germany, Italy, the UK, South Korea, Sweden, and Switzerland. It displays a phishing page on the user’s screen when they attempt to open their banking app. The malware can then steal credit card information, login credentials, PIN numbers, via logging keystrokes.

What makes the Anatsa banking trojan truly nefarious is that it can use the information gleaned from the victim to load the legitimate banking apps and transfer funds from their account. The security firm explains that this makes it difficult for anti-fraud systems used by banks to identify the automated, illegitimate transaction. These funds are then transferred to the Anatsa operators in the form of cryptocurrency, according to ThreatFabric.

App Android package name
PDF Reader – Edit & View PDF lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
PDF Reader & Editor com.proderstarler.pdfsignature
PDF Reader & Editor moh.filemanagerrespdf
All Document Reader & Editor com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
All Document Reader and Viewer com.muchlensoka.pdfcreator

 

Users who have installed the “droppers” for the Anatsa trojan — identified by ThreatFabric and listed in the table above — will have to manually uninstall these apps from their smartphones. The apps have already been removed from the Play Store, according to the security firm, which previously discovered the trojan in 2021.

ThreatFabric notes that even after Google removed the apps infected with the Anatsa trojan, the creators would promptly upload a new version of the app, disguised once again, to the Play Store. In order to stay safe from these nefarious trojans, users should opt for well-known apps and avoid installing those that have a few downloads, while checking the user reviews for reports of theft of information or fraud.


Affiliate links may be automatically generated – see our ethics statement for details.
News Today

Recent Posts

Kareena Kapoor’s Next Untitled Film With Meghna Gulzar Gets Prithviraj Sukumaran On Board

Kareena Kapoor is working with Raazi director Meghna Gulzar for her next film. The project,…

2 weeks ago

Purdue basketball freshman Daniel Jacobsen injured vs Northern Kentucky

2024-11-09 15:00:03 WEST LAFAYETTE -- Daniel Jacobsen's second game in Purdue basketball's starting lineup lasted…

2 weeks ago

Rashida Jones honors dad Quincy Jones with heartfelt tribute: ‘He was love’

2024-11-09 14:50:03 Rashida Jones is remembering her late father, famed music producer Quincy Jones, in…

2 weeks ago

Nosferatu Screening at Apollo Theatre Shows Student Interest in Experimental Cinema – The Oberlin Review

2024-11-09 14:40:03 A silent German expressionist film about vampires accompanied by Radiohead’s music — what…

2 weeks ago

What Are Adaptogens? Find Out How These 3 Herbs May Help You Tackle Stress Head-On

Let's face it - life can be downright stressful! With everything moving at breakneck speed,…

2 weeks ago

The new Mac Mini takes a small step towards upgradeable storage

Apple’s redesigned Mac Mini M4 has ditched the previous M2 machine’s SSD that was soldered…

2 weeks ago