CyberSecurityBoard
Sponsor Register Login

Android malware Anatsa infiltrates Google Play to target US banks

According to Threat Fabric researchers who spotted the latest campaign and reported it to Google, Anatsa shows users a fake message when they open the targeted apps, informing of a scheduled banking system maintenance. Anatsa periodically finds ways to infiltrate Google Play, so users should only trust apps from reputable publishers, check user reviews, pay attention to the requested permissions, and keep the number of installed apps on your device at the necessary minimum. In May 2024, mobile security firm Zscaler reported that Anatsa had achieved yet another infiltration on Android’s official app store, with two apps posing as a PDF reader and a QR reader, collectively amassing 70,000 downloads. The malware becomes active on the device immediately after installing the app, tracking users launching North American banking apps and serving them an overlay that allows accessing the account, keylogging, or automating transactions. The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. Threat Fabric has been tracking Anatsa on Google Play for years, uncovering multiple infiltrations under fake or trojanized utility and productivity tools.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 08 Jul 2025 15:15:12 +0000


Cyber News related to Android malware Anatsa infiltrates Google Play to target US banks

Over 90 malicious Android apps with 5.5M installs found on Google Play - Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa is a banking trojan that targets over 650 ...
1 year ago Bleepingcomputer.com
New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe - The campaign has been ongoing for at least four months and is the latest salvo from the operators of the malware, which first surfaced in 2020 and has previously notched victims in the US, Italy, United Kingdom, France, Germany, and other countries. ...
1 year ago Darkreading.com
Android malware Anatsa infiltrates Google Play to target US banks - According to Threat Fabric researchers who spotted the latest campaign and reported it to Google, Anatsa shows users a fake message when they open the targeted apps, informing of a scheduled banking system maintenance. Anatsa periodically finds ways ...
1 week ago Bleepingcomputer.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Anatsa Banking Trojan Resurfaces, Targets European Banks - The Anatsa banking Trojan campaign has been observed increasingly targeting European banks, according to new data by ThreatFabric researchers. Since its reemergence in November 2023, the Anatsa campaign has manifested in five distinct waves, ...
1 year ago Infosecurity-magazine.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
1 year ago Bleepingcomputer.com
Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada - ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking the malware’s third major offensive against North ...
1 week ago Cybersecuritynews.com
BadBox malware disrupted on 500K infected Android devices - The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. HUMAN says it also discovered 24 Android apps in the official app store, ...
4 months ago Bleepingcomputer.com
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
1 year ago Arstechnica.com
PixPirate Android malware uses new tactic to hide on phones - The latest version of the PixPirate banking trojan for Android employs a new method to hide on phones while remaining active, even if its dropper app has been removed. PixPirate is a new Android malware first documented by the Cleafy TIR team last ...
1 year ago Bleepingcomputer.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
1 year ago Bleepingcomputer.com Patchwork
Avast confirms it tagged Google app as malware on Android phones - Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app ...
1 year ago Bleepingcomputer.com Rocke
How Banks Can Adapt to the Rising Threat of Financial Crime - To combat this, banks need to implement advanced AI-driven fraud monitoring and detection tools, enhance identity verification processes, and stay vigilant with continuous monitoring and staff training to recognize anomalies. While most banks ...
5 months ago Darkreading.com
Snowblind malware abuses Android security feature to bypass security - A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. Snowblind's goal is to repackage a target app to make them ...
1 year ago Bleepingcomputer.com Medusa
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
1 year ago Security.googleblog.com Cloak
SpyLoan Android malware on Google Play downloaded 12 million times - More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious ...
1 year ago Bleepingcomputer.com Rocke
Google Silently Tracks Android Device Even No Apps Opened by User - The research examined cookies, identifiers, and other data stored on Android handsets by Google Play Services, the Google Play Store, and other pre-installed Google apps. When a user searches within the Google Play Store, “sponsored” ...
4 months ago Cybersecuritynews.com
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
1 year ago Bleepingcomputer.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
1 year ago Bleepingcomputer.com
Android adware apps on Google Play amass two million installs - Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices. In their latest monthly mobile threat report, Doctor Web's analysts identified trojans on ...
1 year ago Bleepingcomputer.com Rocke
New Xamalicious Android malware installed 330k times on Google Play - A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google ...
1 year ago Bleepingcomputer.com
Android App With 220,000+ Downloads From Google Play Installs Banking Trojan - A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. According to the Zscaler ThreatLabz post shared on X, the malicious app, ...
4 months ago Cybersecuritynews.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com
Hackers Mimic Google Chrome Install Page on Google Play to Deploy Android Malware - Security researchers have uncovered a sophisticated malware campaign targeting Android users through fake Google Chrome installation pages. The visual similarity to legitimate Google Play pages creates a convincing illusion that tricks unsuspecting ...
3 months ago Cybersecuritynews.com OilRig APT3

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)