ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking the malware’s third major offensive against North American financial institutions. The latest campaign represents a significant escalation in the threat landscape, with cybercriminals successfully infiltrating the official Google Play Store to distribute their malicious payload disguised as legitimate applications. The current campaign demonstrates Anatsa’s expanding ambitions, with researchers noting a broader target list encompassing a wider range of US mobile banking applications.

The malware specializes in device takeover attacks, enabling cybercriminals to steal banking credentials through overlay attacks, log keystrokes, and execute fraudulent transactions directly from infected devices. Security analysis reveals that Anatsa employs particularly deceptive overlay attacks targeting banking applications. When victims attempt to access their mobile banking apps, the malware displays fake maintenance messages reading “Scheduled Maintenance: We are currently enhancing our services and will have everything back up and running shortly.”

ThreatFabric researchers classify the group behind Anatsa as “one of the most prolific operators in the mobile crimeware landscape,” noting their consistently high success rates across multiple campaigns.

The Anatsa campaign underscores the evolving threat landscape facing mobile banking customers, demonstrating that even official app stores cannot guarantee complete protection against sophisticated malware operations targeting financial assets. Cybersecurity experts are urging financial institutions to immediately alert customers about the risks of downloading applications from any source, including official app stores.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Jul 2025 16:15:23 +0000