Android users at risk as banking trojan targets more apps

iOS VPN App

Protect Your Access to the Internet


Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

Understanding the Anatsa banking trojan 

This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.

Screenshot of apps using MTI

In November 2021, Anatsa malware was downloaded over 300,000 times. (ThreatFabric)

How Anatsa cybercriminals evade Google’s security checks 

The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks. 

MORE: ANDROID SECRET TIP: HOW TO MAKE YOUR PHONE SHOW A SPLIT SCREEN 

How Anatsa steals and launders money 

Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules. 

Beware of these malicious PDF…

Source…