Android users at risk as banking trojan targets more apps

0
23
3 banking trojan strikes again targeting wider range of apps putting android users at major risk 1.jpg
3 banking trojan strikes again targeting wider range of apps putting android users at major risk 1.jpg

Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

Understanding the Anatsa banking trojan 

This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.

Screenshot of apps using MTI

In November 2021, Anatsa malware was downloaded over 300,000 times. (ThreatFabric)

How Anatsa cybercriminals evade Google’s security checks 

The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks. 

MORE: ANDROID SECRET TIP: HOW TO MAKE YOUR PHONE SHOW A SPLIT SCREEN 

How Anatsa steals and launders money 

Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules. 

Beware of these malicious PDF and document apps on Android 

Security pros at ThreatFabric found that the hackers are using Anatsa to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions. ThreatFabric identified five malicious apps that the bad guys are using to drain bank accounts: 

PDF Reader – Edit & View PDF -lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools 

PDF Reader & Editor – com.proderstarler.pdfsignature 

PDF Reader & Editor - moh.filemanagerrespdf 

All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs 

All Document Reader and Viewer - com.muchlensoka.pdfcreator 

MORE: HOW TO TELL IF SOMEONE IS SNOOPING ON YOUR ANDROID 

Screenshot of deleted apps

Google Play Protect is a great way to protect your information, but it’s better to also have an antivirus software installed on your phone. (ThreatFabric)

All these apps have been pulled from the Play Store, although if they’re on your Android, you must get rid of them manually by uninstalling them. 

How to uninstall apps on Android 

Settings may vary depending on your Android phone’s manufacturer  

Open the Settings app 

Scroll down and select Apps 

Tap on the app you want to delete and select Uninstall 

Confirm your choice by tapping OK or Uninstall again 

What Google Is doing to stop Anatsa and why it may not be enough 

As mentioned earlier, all identified malicious apps have been removed from Google Play, and the developers have been banned.  Google took action after being notified by ThreatFabric. Plus, Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. 

Have good antivirus software on all your devices  

I recommend going beyond Google Play Protect to keep yourself from having your data breached. As we all know, free is not always the way to go, especially when we are talking about antivirus protection. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information. 

See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to Cyberguy.com/LockUpYourTech   

Related: Free antivirus: should you use it?

Hacker wearing a hoodie on laptop with numbers and locks popping up

Video reviews can be super helpful as they show the app in action and are harder to fake. (CyberGuy.com)

MORE: HOW TO CHANGE YOUR PRIVACY SETTINGS ON YOUR ANDROID DEVICES 

Strengthening your Android’s armor 

So how else can you keep your phone safe from these cyber pests? Think twice before installing a new app. Do you really need it? If you’re unsure, check reviews and ratings. Video reviews can be super helpful as they show the app in action and are harder to fake. 

Kurt’s key takeaways 

We live in a digital age where our lives revolve around our Android smartphones. These devices are incredible tools yet can also be potential targets for threats like the Anatsa banking trojan. By staying informed, keeping a watchful eye on your apps, and following a few key security practices, you can ensure you’re not making it easy for the bad guys. 

What steps will you take to protect your Android smartphone and keep your hard-earned money safe? Are you considering any extra precautions to bolster your defenses against threats like Anatsa? Let us know by writing us at Cyberguy.com/Contact 

CLICK HERE TO GET THE FOX NEWS APP

For more of my security alerts like this one, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter 

Copyright 2023 CyberGuy.com.  All rights reserved. 

Previous articleHun Sen: Facebook urged to suspend Cambodia’s PM over video threatening violence
Next articleLet People Collect Sperm From the Dead
Abraham
Expert tech and gaming writer, blending computer science expertise