Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids.
Understanding the Anatsa banking trojan
This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.
How Anatsa cybercriminals evade Google’s security checks
The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks.
How Anatsa steals and launders money
Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules.
Beware of these malicious PDF and document apps on Android
Security pros at ThreatFabric found that the hackers are using Anatsa to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions. ThreatFabric identified five malicious apps that the bad guys are using to drain bank accounts:
PDF Reader – Edit & View PDF -lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
PDF Reader & Editor – com.proderstarler.pdfsignature
PDF Reader & Editor - moh.filemanagerrespdf
All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
All Document Reader and Viewer - com.muchlensoka.pdfcreator
All these apps have been pulled from the Play Store, although if they’re on your Android, you must get rid of them manually by uninstalling them.
How to uninstall apps on Android
Settings may vary depending on your Android phone’s manufacturer
Open the Settings app
Scroll down and select Apps
Tap on the app you want to delete and select Uninstall
Confirm your choice by tapping OK or Uninstall again
What Google Is doing to stop Anatsa and why it may not be enough
As mentioned earlier, all identified malicious apps have been removed from Google Play, and the developers have been banned. Google took action after being notified by ThreatFabric. Plus, Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.
Have good antivirus software on all your devices
I recommend going beyond Google Play Protect to keep yourself from having your data breached. As we all know, free is not always the way to go, especially when we are talking about antivirus protection. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to Cyberguy.com/LockUpYourTech
Related: Free antivirus: should you use it?
Strengthening your Android’s armor
So how else can you keep your phone safe from these cyber pests? Think twice before installing a new app. Do you really need it? If you’re unsure, check reviews and ratings. Video reviews can be super helpful as they show the app in action and are harder to fake.
Kurt’s key takeaways
We live in a digital age where our lives revolve around our Android smartphones. These devices are incredible tools yet can also be potential targets for threats like the Anatsa banking trojan. By staying informed, keeping a watchful eye on your apps, and following a few key security practices, you can ensure you’re not making it easy for the bad guys.
What steps will you take to protect your Android smartphone and keep your hard-earned money safe? Are you considering any extra precautions to bolster your defenses against threats like Anatsa? Let us know by writing us at Cyberguy.com/Contact
For more of my security alerts like this one, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.
Visit US Webstories for more tech news and updates.