The Trojan has been updated with new features, allowing it to target even more banking apps.
As reported by BleepingComputer, this new mobile malware campaign has been active since March of this year, and so far bank customers in the US, UK, Germany, Austria, and Switzerland have been targeted by Anatsa.
As with the previous Anatsa campaign in November 2021, when the malware was downloaded over 300,000 times, the hackers behind this new campaign are using malicious apps hosted on the Google Play Store to infect vulnerable Android smartphones. An updated version of the Anatsa Trojan was first discovered by security researchers at ThreatFabric, who revealed in a new report that the Trojan could hijack nearly 600 different banking apps and commit fraud on infected devices.
Many major banks, including JP Morgan, Capital One, TD Bank, Schwab, and Navy Federal Credit Union, could be targeted by this Trojan.
In their report, security researchers at ThreatFabric highlighted five apps that the hackers behind this campaign are using to take over and drain bank accounts. If you have any of these apps installed on your Android smartphone, we recommend that you uninstall them immediately. All of these apps have been removed from the Play Store, but if you have any of these apps installed on your smartphone, you will need to remove them manually.
After a six-month hiatus, the cybercriminals behind this new Anatsa campaign launched another malvertising campaign in March to promote the app used to drop this banking trojan.
Like the previous Anatsa campaign, this campaign uses malicious apps in the office/productivity category, posing as PDF editors, viewers, and office suites. However, when these apps were first submitted to Google, they did not contain malware. Instead, the malware was added later, as happened with the AhRat malware, which was listed in the Play Store and was able to pass the search giant's security checks.
While investigating the issue, ThreatFabric researchers reported each of the malicious apps they discovered to Google, which removed them from the Play Store. However, the hackers then uploaded new apps to spread the Anatsa banking Trojan.
Once installed on a phone, Anatsa collects large amounts of financial information, including bank account credentials, credit card details, and payment information. It does this by using an overlay that appears on top of the 600 targeted banking apps when they are launched.
Instead of stealing this sensitive information and storing it for later use, Anatsa uses it to commit fraud on the devices by launching one of the banking apps and executing transactions on behalf of the victim. This saves time for the hackers behind this campaign, but also increases their chances of success because the user can log into the banking app on his or her smartphone and execute the transaction without arousing suspicion.
Any funds stolen from the victim's bank account are converted into cryptocurrency and then passed through a money mule network before being sent back to the hackers behind this campaign.
In a statement to Tom's Guide, a Google spokesperson offered further insight into this new Anatsa campaign and how the search giant is dealing with it, stating: "All of these identified malicious apps have been removed from Google Play and the developers have been banned. Google Play Protect also protects users by automatically removing apps known to contain this malware from Android devices using the Google Play service."
The first and most important thing you can do to protect yourself from Android malware is to limit the number of apps you have on your phone. Even seemingly innocuous apps can contain malware or have it added later, so before installing a particular app, you should ask yourself if you really need that app.
Google checks all apps uploaded to the Play Store for malware, but malicious apps can occasionally slip through the cracks. Therefore, you should avoid downloading free apps and check app reviews and ratings before downloading. External reviews and especially video reviews are very helpful because they show the app in action and are difficult to fake.
In addition to limiting the number of apps you install, you should also consider using one of the best Android antivirus apps for your phone. If your budget is limited, Google Play Protect offers a similar feature that will scan existing and newly downloaded apps for malware. It too is free and comes preinstalled on most Android smartphones. The hackers behind this latest Anatsa campaign seem to be pretty fast when it comes to infecting new apps with this dangerous banking trojan.