NewsBeat

Android users warned about fake app stealing bank details

The malicious app is disguised as a document reader and has been downloaded more than 100,000 times.

Once downloaded, it secretly delivers the Anatsa banking trojan onto the Android device.

Zimperium explains: “Victims are lured into downloading seemingly harmless apps that promise to open or manage documents.

“Instead, it installs malicious code capable of stealing sensitive data, harvesting credentials, and maintaining persistent access to the device.”

The fake app has bypassed Google’s automated security checks and was recently found to be live on the Play Store despite being flagged by security researchers.

How the Anatsa banking trojan works

The Anatsa Trojan is designed to steal sensitive financial data and drain users’ bank accounts by hijacking their mobile devices.

The application uses a multi-stage infection strategy to avoid initial detection, according to Cyber Press.

The news platform said: “When a user downloads the fake document reader, the application functions normally at first, displaying the expected user interface to avoid suspicion.

“However, in the background, the application quietly connects to a remote server to download the secondary malicious payload.

“Once the Anatsa payload is installed on the victim’s device, it immediately requests sweeping permissions, particularly targeting Android’s Accessibility Services.”

By gaining access to these privileges, the malware can:

  • Observe the user’s screen
  • Capture keystrokes
  • Interact with the device’s interface

The primary objective of the Anatsa Trojan is to monitor banking and financial apps.



Cyber Press continues: “When a victim attempts to log in to a targeted banking app, Anatsa intercepts the process and displays a fake overlay that perfectly mimics the legitimate login page.

“Unsuspecting users enter their credentials into this fraudulent form, directly handing their usernames, passwords, and two-factor authentication codes to the attackers.”

The malware can also gain access to SMS messages and approve transaction prompts.

Check for suspicious apps to avoid the Anatsa Trojan

Android users who have downloaded any suspicious document readers recently should “immediately review their installed applications and monitor their bank statements for unauthorized activity”.
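Because the payload depends on Accessibility Services, one concrete way to review a device is to list which apps currently hold that access. The script below is an added example, not code from the article or from the researchers it quotes; the allowlist contents, the sample value and the package name com.example.docreader are assumptions made for illustration.

```shell
#!/bin/sh
# Flag apps holding an enabled accessibility service that are not on an allowlist.
# On a real device (USB debugging enabled) the input string comes from:
#   adb shell settings get secure enabled_accessibility_services
# which prints a colon-separated list of "package/ServiceClass" entries,
# or "null" when no accessibility service is enabled.

# Packages expected to hold accessibility access (assumption: adjust per device).
ALLOWLIST="com.google.android.marvin.talkback"

# unexpected_a11y_packages <settings-value>
# Prints, one per line and de-duplicated, every package that has an enabled
# accessibility service and is not in ALLOWLIST.
unexpected_a11y_packages() {
    value=$1
    # Nothing enabled: nothing to report.
    case "$value" in ''|null) return 0 ;; esac
    # Strip carriage returns adb may append, then split the list on ':'.
    printf '%s\n' "$value" | tr -d '\r' | tr ':' '\n' |
    while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}          # keep the package part before the '/'
        case " $ALLOWLIST " in
            *" $pkg "*) ;;            # expected holder, skip
            *) printf '%s\n' "$pkg" ;;
        esac
    done | sort -u
}

# Constructed sample value (not captured from a real device). The second entry
# is a made-up package standing in for a "document reader" app.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.docreader/com.example.docreader.HelperService'

unexpected_a11y_packages "$SAMPLE"
```

Any package this prints deserves a closer look: a document reader has no ordinary reason to hold accessibility access.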
