A new piece of malware is the talk of the town on Android. Nicknamed Anatsa, it targets the banking data of Android smartphone owners.
It has sadly become routine: a new piece of malware has infiltrated the Play Store in an attempt to infect the phones of European users. Spotted by cybersecurity specialists at ThreatFabric, Anatsa initially takes on the appearance of a completely innocent application before transforming into a powerful spy capable of taking control of a phone and stealing personal data, particularly banking data.
Which applications are affected?
Concretely, Anatsa is installed on a phone by hiding inside legitimate-looking applications: here, for example, phone "cleaning" applications or PDF readers. In total, ThreatFabric spotted 5 malicious applications. A good number of them managed to climb to the top of the ranking of the most popular free applications on Android, accumulating between 10,000 and 100,000 downloads each.
Apps identified as malicious have now been removed from the Play Store by Google and their fingerprints have been added to the Play Protect mechanism which scans apps installed on an Android phone. Your banking details should therefore be safe for the moment. However, if you still have one of the following applications installed, delete it urgently:
- Phone Cleaner – File Explorer (com.volabs.androidcleaner)
- PDF Viewer – File Explorer (com.xolab.fileexplorer)
- PDF Reader – Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
- Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)
- PDF Reader: File Manager (com.tragisoap.fileandpdfmanager)
Usually, Google quickly removes malicious applications from its application store, but here the software present on the Play Store uses pernicious techniques to infect its victims' phones.
Europe particularly targeted
By requesting access to accessibility settings under false pretexts (such as hibernating apps that consume too much battery), the app grants itself the ability to execute actions without user intervention. The app then stays quiet for at least a week so as not to arouse suspicion, after which an update downloads the malicious code (in several installments so as not to trigger an alarm).
Anatsa’s existence isn’t exactly new. The malware had already been spotted in November 2023 during a major infestation attempt focused on countries such as Germany, the United Kingdom and Spain. The European victims of this new wave are mainly located in Slovakia, Slovenia and the Czech Republic. It also seems that this version of the malware was specifically created to infect Samsung mobiles with their OneUI overlay.
However, it never hurts to check that your phone is not infected and to review application permissions, including which applications have access to the accessibility settings (in the menu Settings, then Accessibility). Spring is coming, and so is the opportunity to do some cleaning.
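The check described above can be scripted over `adb` from a computer. This is an added example, not code from ThreatFabric or from this article: it assumes USB debugging is enabled on the phone, the function names are hypothetical, and the package list is the five names given above.

```shell
#!/bin/sh
# Added example: audit an Android phone for the five dropper apps listed in
# the article and show which packages hold an enabled accessibility service.

# The five package names from the article's list.
ANATSA_PKGS="com.volabs.androidcleaner
com.xolab.fileexplorer
com.jumbodub.fileexplorerpdfviewer
com.appiclouds.phonecleaner
com.tragisoap.fileandpdfmanager"

# stdin: output of `pm list packages` ("package:<name>" per line).
# stdout: every listed dropper package that is installed (exact match only).
find_droppers() {
    tr -d '\r' | sed -n 's/^package://p' | grep -Fx -e "$ANATSA_PKGS" || true
}

# stdin: value of the secure setting enabled_accessibility_services, a
# colon-separated list of "package/service" components, or "null" if empty.
# stdout: the owning package of each enabled service, one per line.
a11y_packages() {
    tr -d '\r' | tr ':' '\n' | sed -n 's|^\([^/]*\)/.*|\1|p' | sort -u
}

# Queries the attached device and prints a short report.
audit_device() {
    hits=$(adb shell pm list packages | find_droppers)
    if [ -n "$hits" ]; then
        echo "Listed dropper apps still installed (uninstall them):"
        echo "$hits" | sed 's/^/  /'
    else
        echo "None of the five listed packages is installed."
    fi
    echo "Packages with an enabled accessibility service (review each one):"
    adb shell settings get secure enabled_accessibility_services \
        | a11y_packages | sed 's/^/  /'
}

# Touch the device only when asked to: sh anatsa_check.sh --device
if [ "${1:-}" = "--device" ]; then
    audit_device
fi
```

Any package in the second list that you do not recognise, or that has no obvious need for accessibility access, deserves a closer look in Settings, then Accessibility.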
Source: ThreatFabric via Bleeping Computer