- Security researchers have found a PDF application for Android with a bank Trojan horse
- The Troy was introduced with a patch, six weeks after the release
- He had more than 50,000 downloads, so users must be wary
A dangerous knight Android Banking again found a path to Google Play Store, potentially affecting tens of thousands of North American users, experts warned.
Threat manufacturers’ security researchers found an application on the Play Store, entitled “Document Viewer – File Reader”, published by a company entitled “Hybrid Cars Simulator, Drift & Racing” about two months ago and having raised a significant audience – some 50,000 people.
Until recently, the application was clean, working as expected. Then, between June 24 and 30, he received an update which transformed it into a bank Troy called Anatsa.
How to stay safe
It is a known malware that has been introduced as a smuggling in the Play Store several times in the past.
Bleeping Compompute Complaints in November 2021, the researchers found a trojanized application with 300,000 downloads, and in June 2023 a separation with 30,000 downloads. In February 2024, there was another application with Anatsa, with 150,000 downloads, and in May of the same year, two applications with 70,000 downloads between them.
Each time, Google removes applications, but the attackers seem to find a way to come back.
Anatsa is a bank Trojan horse that first scans the victim’s mobile device, looking for North American banking applications.
If it finds it, it serves them a superposition which enters the identification information and other connection data, granting attackers the possibility of connecting to accounts and making transactions. At the same time, the victims receive a message that the application undergoes planned maintenance.
The application has now been deleted from the Play Store, and if you installed it, it would be wise to delete it, then run a complete system analysis using Play Protect. The reset of the identification information of the bank account would also be advised.
“All these identified malicious applications have been deleted from Google Play,” said a google spokesperson Bleeping Compompute. “Users are automatically protected by Google Play Protect, which can warn users or block known applications to present malware on Android devices with Google Play Services.”
Via Bleeping Compompute
