Android users are facing a serious threat as several apps have been found to be spreading dangerous banking malware on devices. These apps, downloaded by millions of users, were all accessible on the Google Play Store, contributing to the widespread infection. The discovery of this malware, known as Anatsa, was made by Zscaler’s ThreatLabs team.
Anatsa, which emerged in 2020, poses severe risks by enabling credential theft, keylogging, and facilitating fraudulent transactions. What makes this malware particularly concerning is its stealthy infiltration method. Anatsa utilizes a dropper technique by disguising itself as a harmless application on the official Google Play Store. Once installed, it secretly downloads a malicious update from a command-and-control server, evading detection mechanisms and infecting devices undetected.
In addition to Anatsa, ThreatLabz has identified and reported 77 malicious applications, including the notorious Joker bug, to Google. The Joker bug can perform various malicious activities such as reading and sending text messages, capturing screenshots, making unauthorized calls, and stealing contact lists. Moreover, it can unknowingly subscribe infected users to premium services.
Zscaler emphasized the importance of users verifying app permissions and ensuring they align with the app’s intended functionality. It is crucial to conduct thorough research on app developers and review feedback before installing any software on devices. Activating Google Play Protect is recommended, as it monitors apps and devices for suspicious behavior, conducts safety checks on apps before download, and alerts users about potentially harmful applications. Google Play Protect can also deactivate or remove harmful apps from devices to enhance user security and privacy.