Security researchers say a mobile banking trojan first spotted in 2020 is now targeting financial institutions across the globe.
In a new report, the cloud-native cybersecurity platform Zscaler says hackers are aggressively expanding the scope and streamlining payload of the Android banking trojan Anatsa.
[adinserter block="1"]Anatsa came to life five years ago after a slew of attacks that targeted financial app users and over 650 financial institutions in the US, Europe and the UK. The malware is capable of hijacking credentials, monitoring keystrokes and facilitating fraudulent transactions.
The cybersecurity firm says that the malware is now masquerading as a document reader in the Google Play Store to deliver its malicious payload.
“Once installed, Anatsa silently downloads a malicious payload disguised as an update from its command-and-control (C2) server. This approach allows Anatsa to bypass Google Play Store detection mechanisms and successfully infect devices.”
Zscaler says the malware steals credentials by displaying fake banking login pages, tailored to the financial apps detected on a user’s device.
Through this process, the firm says Anatsa was able to increase its target to 831 financial institutions worldwide, including 150 new banking and cryptocurrency platforms. The malware has also been linked to 77 malicious apps with over 19 million installs.
“Anatsa continues to evolve and improve with anti-analysis techniques to better evade detection… Our research demonstrates the techniques that Anatsa and other Android malware families leverage for distribution through the official Google Play Store.
Android users should always verify the permissions that applications request, and ensure that they align with the intended functionality of the application.”
Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
