Android users worldwide are being warned that they should be on high alert when downloading new apps, even ones that are available on Google’s Play Store. That’s because experts from Zscaler ThreatLabz claim they have discovered more than 90 apps which contain nasty malware – including the worrying Anatsa bug.
Once installed, the virus can start gaining access to sensitive banking information and financial information through clever overlay and accessibility techniques that allow them to collect data discreetly. That means that users are completely unaware of any wrongdoing until money starts disappearing from accounts.
Zscaler Threatlabz say that the current crop of dangerous apps have been downloaded more than 5 million times with Anatsa actively targeting banking apps across the UK and US. What makes this type of attack so hard to spot is a ‘dropper technique’ to infect phones.
The Mirror reports that this allows an app to look completely clean upon download, with criminals adding malware at a later date through an update. The team explained: “At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications.
“Over the past few months, we identified and analysed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs. This sophisticated malware employs dropper applications that appear benign to users, deceiving them into unwittingly installing the malicious payload.
“Once installed, Anatsa exfiltrates sensitive banking credentials and financial information.”
The most recent apps detected to be infecting Android phones include PDF and QR readers, both managing to infect more than 70,000 devices before being removed by Google. If you think you could have downloaded apps called PDF Reader & File Manager, or OR Reader & File Manager, it would be a good idea to delete them without hesitation and check your bank for any changes.
Zscaler ThreatLabz added: “The recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users, in multiple geographic regions, who downloaded these malicious applications from the Google Play store.”
You should always take the time to research any apps before downloading them and granting them permissions. Check previous reviews and research developers before downloading if unsure.