Android users have been warned to delete two apps which are secretly stealing bank details and emptying accounts.
The apps, which have been installed more than 5.5 million times, were part of the ongoing Anatsa malware campaign, which has targeted more than 650 apps belonging to different financial institutions.
A report from cloud security company Zscaler reveals there has been an increase in instances of the Anatsa malware, which is also known as Teabot.
People are downloading the malware through harmless looking decoy apps like PDF Reader & File Manager and QR Reader & File Manager through the Google Play store.
Once the decoy apps are downloaded, the malicious code or command-and-control (C2) server enters your phone designed as an app update, making it like a Trojan horse.
As the malware infects the device, it can scan your phone to detect any banking apps, and sends that information back to the C2 server which then sends a fake login page for the apps it has found.
Any information that you enter will be sent back to the server and the hackers will have your bank details.
The report said that the malware mostly targets UK financial institutions, but there have also been victims in the US, Germany, Spain, Finland, South Korea, and Singapore.
Zscaler said: ‘The recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users, in multiple geographic regions, who downloaded these malicious applications from the Google Play store.’
The report said that all identified apps have been removed from the Play Store and have been banned, but if you still have either of these two apps on your phone you should uninstall them immediately.
For extra precaution, also change the passcodes of any banking apps that you might have used on your phone to avoid your accounts being accessed by the threat actors behind Anatsa.
MORE : Paper Trail review – origami overload
MORE : Some phones are about to get an update that will actually boost your battery
MORE : There’s a new scam called ‘smishing’ that’s incredibly sophisticated
Get your need-to-know
latest news, feel-good stories, analysis and more
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
