
Anatsa Banking Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland

Dutch cybersecurity company ThreatFabric published an analysis on Monday detailing a new Android malware campaign. The operation utilizes the Anatsa banking trojan to steal credentials and perform Device-Takeover Fraud (DTO) on mobile devices. ThreatFabric also discovered that infected dropper apps have garnered 30,000 downloads on the Google Play Store.

Anatsa first emerged in 2021 under the names TeaBot and Toddler. The malware was hidden in PDF readers, QR code scanners, and two-factor authentication apps on the Google Play Store. Designed to steal user credentials and execute unauthorized fund transfers, Anatsa has impacted over 400 financial institutions globally. Because the fund transfers originate from approved customer devices, the malware is able to bypass most fraud control mechanisms. Dropper apps trick users into downloading malicious payloads through advertisements for false app add-ons. The applications also utilize the restricted “REQUEST_INSTALL_PACKAGES” permission, which other malicious apps have exploited in the past.

Read More:

https://thehackernews.com/2023/06/anatsa-banking-trojan-targeting-users.html
