Anyone with an Android phone in their pocket would be wise to check their home screen without delay. A number of highly worrying applications have just been removed from Google’s Play Store after they were found to be capable of installing the vicious Anatsa banking Trojan onto devices. This critical threat can allow hackers to gain full control over infected devices and then execute actions on a victim’s behalf, which could lead to money being stolen or transfers being set up without permission.
Anatsa was actually discovered late last year, with victims being targeted in areas including the UK. Now it appears to be making a concerning comeback, with the team at Threat Fabric confirming that a new campaign has been launched over the past few months. To make matters worse, it seems that some of the latest attacks are specifically targeting Samsung devices. Considering Samsung’s massive market share, this might not come as a huge surprise, but it’s certainly worrying for owners of these popular devices.
Threat Fabric says it discovered the so-called “Anatsa Dropper” on Google’s Play Store, disguised as an app that claimed to help clean up devices.
“A unique aspect of this dropper was its malicious code, specifically targeting Samsung devices,” Threat Fabric explained.
“The malicious AccessibilityService was tailored to interact with the UI elements of Samsung devices, meaning only Samsung users were impacted in this phase of the campaign. This suggests that the threat actors initially developed and tested their code exclusively for Samsung devices.”
To avoid immediate detection, the hackers use a clever strategy of spreading the malicious indicators across several stages. This makes it harder for Google to spot the malware and block it before it reaches devices. If you are concerned that your phone may have been infected, we’ve published a list of the dodgy apps below.
• Phone Cleaner – File Explorer
• PDF Viewer – File Explorer
• PDF Reader – Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
• Phone Cleaner: File Explorer
• PDF Reader: File Manager
Even though Google has now banned these apps, if you think you may have downloaded any of them, it’s vital to delete them without delay and check your bank account for any strange transactions.
Confirming the block of the dangerous apps, a Google spokesperson said: “All of the apps identified in the report have been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.”