Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids.
Understanding the Anatsa banking trojan
This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.
How Anatsa cybercriminals evade Google’s security checks
The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks.
How Anatsa steals and launders money
Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules.