Android phone users, including those in the UK, are being warned about a new threat that’s targeting bank accounts.
Anyone who has an Android phone in their pocket should be on high alert when downloading any new apps – even if they are available on Google’s official Play Store. Security experts from Zscaler ThreatLabz say they have recently discovered over 90 applications that contain nasty malware including the extremely worrying Anstsa bug.
Once installed, this virus can start gaining access to sensitive banking credentials and financial information. It does this by using clever overlay and accessibility techniques which allows hackers to intercept and collect data discreetly. That means the user will be completely unaware anything is wrong until money starts going missing.
According to Zscaler ThreatLabz, the current crop of dangerous apps have been downloaded over 5 million times with Anatsa actively targeting banking applications in the US and UK.
What makes this type of attack so hard to spot is that it uses a so-called “dropper technique” to infect phones. On first impressions, the downloaded app looks completely clean with the criminals then adding the malware at a later date via an update.
“At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications,” the team explained.
“Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.
“This sophisticated malware employs dropper applications that appear benign to users, deceiving them into unwittingly installing the malicious payload. Once installed, Anatsa exfiltrates sensitive banking credentials and financial information.”
The most recent apps found to be infecting Android phones include PDF and QR readers. Both managed to infect over 70,000 devices before being removed by Google.
If you think you may have downloaded apps called PDF Reader & File Manager or OR Reader & File Manager then it’s a good idea to delete them immediately and keep a close eye on your bank account.
As always, before installing anything on your Android device take time to do some research and check things out before tapping the download button.
Look at the developers and make sure they have a good reputation. It’s also a good idea to look at previous reviews and be really careful what permissions you grant the app. If you’re unsure, DON’T download it.
“The recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users, in multiple geographic regions, who downloaded these malicious applications from the Google Play store,” Zscaler ThreatLabz added.
