Bank Info-Stealing Malware Found in 90+ Android Apps With 5.5 Million Installs
A report from cybersecurity firm Zscaler has discovered over 90 malicious Android apps uploaded to Google Play over the past few months, including a particularly sophisticated trojan called Anatsa.
Collectively, the malware apps have been installed over 5.5 million times.
As of Thursday, Google has banned the apps identified in the report, according to BleepingComputer. Anatsa, also known as “TeaBot,” and other malware in the report, are dropper apps that masquerade as PDF and QR code readers, photography, and health and fitness apps. As the outlet reported, the findings demonstrate the “high risk of malicious dropper apps slipping through the cracks in Google’s review process.”
Although Anatsa only accounts for around two percent of the most popular malware, it does a lot of damage. It’s known for targeting over 650 financial institutions — and two of its PDF and QR code readers had both amassed over 70,000 downloads at the time the report was published.
Once installed as a seemingly legitimate app, Anatsa uses advanced techniques to avoid detection and gain access to banking information. The two apps mentioned in the report were called “PDF Reader and File Manager” by Tsarka Watchfaces and “QR Reader and File Manager” by risovanul. So, they definitely have an innocuous look to unsuspecting Android users.
The majority of apps containing the malware were classified as tools like file managers, editors, and translators. Other categories of apps included photography, productivity, and “personalization,” which was unspecified, but might include apps for customizing Android home screens and wallpaper.
These malware-infected apps may have been taken down, but it’s an uneasy reminder to remain vigilant about which apps you’re installing.
