Android Security Experts Raise The Alarm Against Surge In Anatsa Banking Trojan As 90 Malicious Apps Installed 5.5 Million Times

Security experts are sounding the alarm as new reports indicate a staggering rise in the banking trojan dubbed Anatsa. The reports also point to a growing number of malicious apps on Android that continue to be downloaded via Google Play, as many as 5.5 million times.

This means a wide range of adware and malware is being circulated through the Android ecosystem.

For those who may not be aware, this particular banking trojan is said to have targeted close to 650 apps across the world, with specific dominance in regions like Asia, the EU, the UK, and the USA. It is capable of stealing users’ sensitive credentials, including banking details, which are then used to carry out fraudulent transactions via e-banking.

At the start of this year, we saw a report from Threat Fabric that covered the matter in detail and described close to 15k infections arising from Google Play via decoy apps linked to the product software domain.

Today, it’s back in full action, deployed through two new decoy apps, PDF Reader and QR Reader. By the time the findings were made, it had already impacted 70k installations, showing the considerable risk posed by malicious apps that fall through the cracks in Android’s review process.

One feature that helps such dropper apps evade detection is a multi-stage payload. It involves four specific steps built around DEX files, and it can carry out anti-analysis checks to make sure it is not executed in sandboxes or similar environments.

Once it is set up and running on a newly infected device, it uploads bot and app-scan data and downloads injections that align with the user’s destination and profile.

But that’s just one of the many threats that experts are discussing in detail. Others have taken center stage over the past few months: more than 90 different apps were found on Google Play that managed to receive 5.5 million downloads.

Most of these apps impersonated Android tools, picture utilities, health apps, and even personalization platforms. The malware families dominating among them included Joker, Coper, and Facestealer, along with many others spreading adware.

Among those said to be the most dangerous were Anatsa and Coper, despite accounting for only 3% of downloads across Android systems.

This is why experts have time and again stressed the importance of downloading from verified sources only and reading the terms and conditions, to make sure apps don’t engage in fraud or the theft of sensitive data.

Whenever you install a new app, always review its permissions and get rid of anything that asks for high-risk access such as contacts, SMS, and even accessibility services.
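The permission review described above can also be done on an app's decoded manifest. The following is an added example, not taken from the research cited in this article; it assumes the AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the package and service names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permission groups the article singles out: contacts and SMS.
HIGH_RISK = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
}
# An accessibility service is a <service> guarded by this bind permission.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(manifest_xml: str) -> dict:
    """Return {category: [names]} for high-risk requests in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for elem in root.iter("uses-permission"):
        perm = elem.get(NAME, "")
        if perm in HIGH_RISK:
            findings.setdefault(HIGH_RISK[perm], []).append(perm)
    for svc in root.iter("service"):
        if svc.get(PERMISSION) == ACCESSIBILITY_BIND:
            findings.setdefault("accessibility", []).append(svc.get(NAME, "?"))
    return findings


# Constructed sample: a QR reader has a reason to ask for the camera,
# but not for SMS, contacts, or an accessibility service.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrreader">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for category, items in sorted(audit_manifest(SAMPLE_MANIFEST).items()):
        print(f"{category}: {', '.join(items)}")
```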

For now, researchers are not unveiling the names of the many other apps, more than 90 in all, which were said to have been taken down by Google for similar reasons, as they posed threats.

But what we can confirm right now is that after the security report by Zscaler was released, two leading dropper platforms from Anatsa were deleted from Google Play.
