• An Android Banking Malware Active in the Google Play Store


    #2676099

    https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

    …Recently, we noticed an increase in instances of the Anatsa malware (a.k.a. TeaBot). This sophisticated malware employs dropper applications that appear benign to users, deceiving them into unwittingly installing the malicious payload. Once installed, Anatsa exfiltrates sensitive banking credentials and financial information from global financial applications. It achieves this through the use of overlay and accessibility techniques, allowing it to intercept and collect data discreetly…

    • #2676106

      The malware comes as a 3rd party PDF/QR reader/file manager and uses a fake banking app front end that accepts your login credentials.

      Bottom line: be careful what 3rd party apps you load on your phone.

      cheers, Paul

    • #2676120

      Bottom line: be careful what 3rd party apps you load on your phone.

      Right you are….
      Are the playstores for the apps losing their grip in what’s wrong?
      Is there a way to check these “apps” yourself?

      * _ ... _ *
      • #2676159

        The apps in the store are OK, the malware comes via an “update”.

        cheers, Paul

        • #2676192

          The apps in the store are OK, the malware comes via an โ€œupdateโ€.

          And therein lies the problem.

          I recently experienced a situation where an app I’d been using for years was updated and it suddenly said it now needed to access basically everything on my phone in order to work, which is a very bad thing!

          I checked and found the “updated” version had the same app ID as the original but was from a completely different source (I “assume” because the original owner was enticed to sell it.)

          Needless to say, I removed it and installed a different app that provided most of the original app’s functionality; at least the parts I used.

          A few days later, I found out Google had removed the original app from their store because it was scraping data from users’ phones and sending it to a 3rd party!

          • #2676255

            Can you give the name of the “app” so if we are using it we can be careful?


            • #2676533

              This happened well over a year ago and I honestly don’t remember what it was called.

              It was a clock widget that replaced the “default clock” with a bunch of different styles, some of which included the local weather conditions (temp & humidity) or the local forecast for the next week, depending on which clock style you chose.

              I liked it because the time/weather info displayed without having to do anything other than just activate the phone screen.

              The first clue that it’d been infected was when, after the update, it suddenly indicated it needed access to a lot of other apps on my phone (contacts, email, SMS, browser, etc. etc.) in addition to the original location-only info!
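    Picking up the question above about whether you can check these apps yourself, and the clock widget that grew a new set of permissions after an update: here is an added example of that check in Python. It is my code, not the forum posters’ and not from the Zscaler report. It takes the text of `adb shell dumpsys package <pkg>` captured before and after an update, diffs the “requested permissions” block, and flags the additions that a clock/PDF/QR app has no reason to ask for but an overlay/SMS-stealing payload does. It also parses the `enabled_accessibility_services` secure setting, because an accessibility service does not show up as a requested permission. The two dumpsys snippets and the settings value are constructed to mimic the real output format; the package name `com.example.clockwidget` is hypothetical.

```python
"""Diff an app's requested permissions across an update and list enabled
accessibility services, from `adb shell dumpsys package` and
`adb shell settings get secure enabled_accessibility_services` output.

Added example for this thread; not from the Zscaler report or any poster.
The dumpsys snippets and the settings value below are CONSTRUCTED to mimic
the real format; com.example.clockwidget is a hypothetical package name.
"""
from __future__ import annotations

# Permissions a clock/PDF/QR app does not need, but an Anatsa-style dropper
# or overlay/SMS-stealing payload does.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW",       # draw overlays over other apps
    "android.permission.REQUEST_INSTALL_PACKAGES",  # sideload a second APK (dropper)
    "android.permission.PACKAGE_USAGE_STATS",       # learn which app is in the foreground
}

# Constructed `dumpsys package com.example.clockwidget` before the update.
BEFORE = """\
  Package [com.example.clockwidget] (a1b2c3d):
    versionCode=41 minSdk=24 targetSdk=33
    versionName=2.0.1
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_COARSE_LOCATION
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
"""

# Constructed output after the "update" the poster describes.
AFTER = """\
  Package [com.example.clockwidget] (a1b2c3d):
    versionCode=42 minSdk=24 targetSdk=33
    versionName=2.1.0
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_COARSE_LOCATION
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_CONTACTS
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.REQUEST_INSTALL_PACKAGES
    install permissions:
      android.permission.INTERNET: granted=true
"""

# Constructed value of the secure setting: colon-separated ComponentNames.
ENABLED_A11Y = ("com.example.clockwidget/.OverlayService:"
                "com.android.talkback/com.google.android.marvin.talkback.TalkBackService")
TRUSTED_A11Y_PKGS = {"com.android.talkback", "com.google.android.marvin.talkback"}


def requested_permissions(dumpsys_text: str) -> set[str]:
    """Return the entries listed under 'requested permissions:'.

    The block ends at the first line indented no deeper than the header."""
    perms: set[str] = set()
    header_indent = None
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped == "requested permissions:":
            header_indent = indent
            continue
        if header_indent is not None:
            if not stripped or indent <= header_indent:
                break
            perms.add(stripped.split(":")[0])  # tolerate 'perm: granted=...' lines
    return perms


def permission_delta(before: str, after: str) -> tuple[set[str], set[str]]:
    """Return (all newly requested permissions, the high-risk subset)."""
    added = requested_permissions(after) - requested_permissions(before)
    return added, added & HIGH_RISK


def enabled_accessibility_services(value: str) -> list[str]:
    """Parse the secure setting; 'null' or empty means no service is enabled."""
    value = value.strip()
    if value in ("", "null"):
        return []
    return [c for c in value.split(":") if c]


def suspicious_accessibility_services(value: str, trusted_pkgs: set[str]) -> list[str]:
    """Enabled accessibility services whose package is not on the trusted list."""
    return [c for c in enabled_accessibility_services(value)
            if c.split("/")[0] not in trusted_pkgs]


if __name__ == "__main__":
    added, risky = permission_delta(BEFORE, AFTER)
    print("new permissions after update:", sorted(added))
    print("high-risk additions:", sorted(risky))
    print("untrusted accessibility services:",
          suspicious_accessibility_services(ENABLED_A11Y, TRUSTED_A11Y_PKGS))
```

    To use it on a real phone, save `adb shell dumpsys package <pkg>` to a file before installing the update and again after, then pass both texts to `permission_delta`; `adb shell settings get secure enabled_accessibility_services` gives the value for the accessibility check. Any high-risk addition for an app of this kind, or an accessibility service you did not knowingly enable, is the cue to uninstall rather than tap “Allow”.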

    • #2676263

      A few days later, I found out Google had removed the original app from their store because it was scraping data from users’ phones and sending it to a 3rd party!

      Google wants exclusive rights to scrape users’ data and sell it to 3rd parties.
