

Ethical Hacking News

Android Malware Anatsa Infiltrates Google Play Again: A New Threat Emerges for US Banks


Android malware known as Anatsa has infiltrated Google Play once again, targeting US banks and leaving compromised accounts in its wake. The malicious app was discovered by threat researchers who tracked its rise from 300,000 downloads in November 2021 to a new record of 70,000 installs in May 2024. Fortunately, the app has been removed from the Google Play store, but users are advised to be cautious when installing apps and to take steps to protect themselves against future attacks.

  • Android malware known as Anatsa has infiltrated Google Play, targeting United States banks.
  • Anatsa has been active on Google Play for several years, with significant downloads in 2021, 2023, and 2024.
  • The latest app, "Document Viewer – File Reader," was published by a company that is actually a front for the malicious code.
  • Once popular enough, Anatsa introduces malicious code via an update that fetches a payload from a remote server and installs it as a separate application.
  • Users are advised to uninstall the app immediately and run a full system scan using Play Protect, as well as reset banking account credentials.
  • Android users should remain vigilant, select apps from reputable publishers, and check user reviews and requested permissions.



    In a disturbing turn of events, Android malware known as Anatsa has once again infiltrated Google Play, this time targeting United States banks and leaving a trail of compromised accounts in its wake. The malicious app, which was released on the popular app store in June 2025, had managed to evade detection by security software and gain significant traction among users before being discovered by threat researchers.

    According to ThreatFabric, a cybersecurity firm that specializes in tracking Android malware, Anatsa has been active on Google Play for several years, with previous campaigns reaching a wide range of download counts. In November 2021, the malware achieved 300,000 downloads, while another campaign in June 2023 revealed 30,000 installations. A third campaign in February 2024 reached 150,000 downloads, and most recently, a mobile security firm called Zscaler reported that Anatsa had once again infiltrated Android's official app store, with two apps posing as PDF readers and QR readers collectively amassing 70,000 downloads.

    The latest Anatsa app, which has been identified as "Document Viewer – File Reader," was published by a company called "Hybrid Cars Simulator, Drift & Racing." However, it is worth noting that this app is merely a front for the malicious code that lies beneath. According to ThreatFabric researchers, who discovered the app on Google Play, Anatsa operators use a sneaky tactic in which they keep the app "clean" until it gains a substantial userbase.

    Once the app becomes popular enough, the Anatsa operators introduce malicious code via an update that fetches an Anatsa payload from a remote server and installs it as a separate application. Anatsa then connects to the command-and-control (C2) server and receives a list of targeted apps to monitor on the infected device.

    The latest Anatsa app was discovered between June 24 and 30, six weeks after its initial release on the store. Fortunately, Google has since removed the malicious app from the store. However, this does not mean that users are entirely off the hook. According to ThreatFabric, it is recommended that those who installed the app immediately uninstall it and run a full system scan using Play Protect, as well as reset their banking account credentials.
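
Because the payload described above is installed as a separate application, uninstalling the original app does not by itself remove it. The following added example (not from the original article or from ThreatFabric) is a heuristic that reads the output of `adb shell pm list packages -i -3` and lists third-party packages whose recorded installer is not a trusted store. The sample output and all `com.example.*` package names are constructed, and the trusted-installer set is an assumption to adjust for managed or OEM stores.

```python
# Added example: audit `adb shell pm list packages -i -3` output for apps
# that were installed by something other than a trusted store.
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend as needed

# Constructed sample output; every com.example.* name is a placeholder.
SAMPLE = """\
package:com.example.bank  installer=com.android.vending
package:com.example.docviewer  installer=com.android.vending
package:com.example.payload  installer=com.example.docviewer
package:com.example.devbuild  installer=null
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def parse_pm_list(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    installed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package row
        installer = m.group("installer")
        installed[m.group("pkg")] = None if installer == "null" else installer
    return installed

def audit(text, trusted=TRUSTED_INSTALLERS):
    """Return findings as (package, installer, reason), sorted by package."""
    installed = parse_pm_list(text)
    findings = []
    for pkg, installer in sorted(installed.items()):
        if installer in trusted:
            continue
        if installer is None:
            reason = "no installer recorded (sideloaded or adb install)"
        elif installer in installed:
            reason = "installed by another third-party app on this device"
        else:
            reason = "installed by an untrusted or removed installer"
        findings.append((pkg, installer, reason))
    return findings

if __name__ == "__main__":
    for pkg, installer, reason in audit(SAMPLE):
        print(f"{pkg}: installer={installer} -> {reason}")
```

A finding is a prompt for review, not proof of compromise: developer builds and enterprise-managed apps also appear here.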

    Anatsa periodically finds ways to infiltrate Google Play, so users should be vigilant in their selection of apps from reputable publishers. Users should also take the time to check user reviews, pay attention to the requested permissions, and keep the number of installed apps on their device at a necessary minimum.

    In conclusion, the recent infiltration of Anatsa malware into Google Play serves as a stark reminder of the ongoing threat landscape in the digital world. Android users would do well to remain vigilant and take proactive steps to protect themselves against such malicious threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Android-Malware-Anatsa-Infiltrates-Google-Play-Again-A-New-Threat-Emerges-for-US-Banks-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/


  • Published: Tue Jul 8 11:36:52 2025 by llama3.2 3B Q4_K_M












