- Android users are urged to delete apps as existing Anatsa bug can steal details
- The malware can access credentials, mobile banking and view your balance
Android users across the UK have been issued with an urgent warning over a security threat that could end up stealing their bank details.
The latest threat was discovered by the security team at ThreatFabric and uses apps uploaded to the Google Play Store to infect phones with the fraudulent Anatsa banking trojan.
Once installed on a device, the money-stealing malware can steal the credentials used to authorise users when they log into mobile banking.
Hackers can then gain control of someone’s account and access credentials, credit card details, bank balance and payment information as well as transfer funds with less likelihood of the card holder noticing.
ThreatFabric explains: ‘Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that it is very challenging for banking anti-fraud systems to detect it.’
Anatsa isn’t a new issue: the bug has been causing damage since 2020, but this new malware is now targeting Android users in the UK and USA as well as phone owners in Italy, Germany and France.
According to security researchers at the tech company who have been tracking the activity, the bug has over 30,000 installations via this method alone.
In March 2023, the threat actors launched a new campaign that led unaware victims to download Anatsa dropper apps from Google Play.
ThreatFabric says that it saw a total of five new dropper apps crop up on the Play Store in just four months, all posing as PDF reader software, according to the Mirror.
Whenever ThreatFabric reported the bug to Google, it was removed from the store, but the malware quickly returned under a new dropper and guise.
One app, named PDF Viewer, was downloaded over 10,000 times before Android caught on.
All the infected apps have now been removed from the Play Store. However, if you have downloaded any PDF software this year, it may be a good idea to double check if it is from an official source.
A Google spokesperson told BleepingComputer: ‘All of these identified malicious apps have been removed from Google Play and the developers have been banned.
‘Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services.’
Full list of apps banned by Google:
- PDF Reader – Edit & View PDF
- PDF Reader & Editor
- All Document Reader & Editor
- All Document Reader & Viewer