"Anatsa Android Banking Trojan Continues to Spread via Google Play"

According to security researchers at ThreatFabric, the Android banking trojan named Anatsa has evolved, and its attacks have become more targeted. Anatsa has been active for about four years and can target more than 600 mobile banking applications worldwide, infecting devices via malicious droppers uploaded to Google Play. In June last year, three identified droppers had amassed roughly 30,000 installs via the application store. The researchers noted that the malware can take over infected devices, allowing its operators to perform various actions on behalf of the victim, including fraudulent transactions. As part of a campaign that started in November 2023, the researchers observed that the attackers expanded their targeting to Slovakia, Slovenia, and Czechia, promoting dropper applications that often reach the top 3 new free applications in Google Play. To date, the researchers have observed five attack waves, each focused on a different region, as well as evolved tactics that include a multi-staged infection process, the ability to bypass Android 13’s protections, and abuse of Accessibility Services.
 

SecurityWeek reports: "Anatsa Android Banking Trojan Continues to Spread via Google Play"

Submitted by Adam Ekwall on