1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Dangerous Android malware targets US banking apps - 50,000 people

    From TechnologyDaily@1337:1/100 to All on Wed Jul 9 16:15:07 2025
    Dangerous Android malware targets US banking apps - 50,000 people already affected, make sure you're not next

    Date:
    Wed, 09 Jul 2025 15:02:00 +0000

    Description:
    Anatsa trojan returns on the Play Store once again, but Google moves to
    strike it.

    FULL STORY ======================================================================Security
    researchers found a PDF app for Android sporting a banking trojan The trojan was introduced with a patch, six weeks after release It had more than 50,000 downloads, so users should beware

    A dangerous Android banking trojan has found a way to the Google Play Store once again, potentially affecting tens of thousands of North American users, experts have warned.

    Security researchers from Threat Fabric found an app on the Play Store,
    called Document Viewer File Reader, published by a company called Hybrid
    Cars Simulator, Drift & Racing roughly two months ago and having amassed a significant following - some 50,000 people.

    Until only recently, the app was clean, working as intended. Then, between June 24 and 30, it received an update that turned it into a banking trojan called Anatsa. How to stay safe

    This is a known piece of malware that's been smuggled into the Play Store on multiple occasions in the past.

    BleepingComputer claims in November 2021 researchers found a trojanized app with 300,000 downloads, and in June 2023 a separate one with 30,000
    downloads. In February 2024 there was another app with Anatsa, counting 150,000 downloads, and in May the same year, two apps with 70,000 downloads between them.

    Every time, Google removes the apps, but the attackers seem to find a way back.

    Anatsa is a banking trojan that first scans the victims mobile device,
    looking for North American banking apps.

    If it finds any, it serves them an overlay that grabs credentials and other login data, granting the attackers the ability to log into accounts and make transactions. At the same time, the victims are presented with a message that the app is undergoing scheduled maintenance.

    The app has now been removed from the Play Store, and if you have it installed, it would be wise to remove it and then run a full system scan
    using Play Protect. Resetting banking account credentials would also be advised.

    All of these identified malicious apps have been removed from Google Play, a Google spokesperson told BleepingComputer . Users are automatically protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services."

    Via BleepingComputer You might also like This dangerous new malware is hitting iOS and Android phones alike - and it's even stealing photos and crypto Take a look at our guide to the best authenticator app We've rounded
    up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/dangerous-android-malware-targets-us-ba nk-apps-50-000-people-already-affected-make-sure-youre-not-next


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)