Anatsa banking malware is targeting Europeans via Google Play

Threat actors are using commonly installed applications to target Android devices

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Anatsa Malware featuring Google Play, PDF reader and Phone Cleaner logos on an Android Background

Cybercriminals target Europeans by infecting their Android devices with the Anatsa banking trojan. Unfortunately, if you are not careful, you might download it directly from the Google Play. After all, the malware hides in common apps. As a result, it has more than 150,000 downloads.

By the way, if you are from one of the following countries: UK, Germany, Spain, Slovakia, Slovenia, and the Czech Republic, your chances of getting the malware are higher.

What is Anatsa?

The Anatsa banking trojan is a malware that steals your financial data. In addition, you can get it by downloading apps from Google Play. Thus, some of your devices might be at a higher risk. It mostly operates as a dropper malware.

In some cases the Anatsa banking trojan dropper works like a normal application. For example, if you get the phone cleaner, you might have a few options to delete files or to hibernate battery draining apps. Unfortunately, by pressing on them, you will allow the malware to infect your phone. Below, you can find some removed apps.

  1. Phone Cleaner – File Explorer
  2. PDF Viewer – File Explorer
  3. PDF Reader – Viewer & Editor
  4. Phone Cleaner: File Explorer
  5. PDF Reader: File Manager

To protect yourself from the Anatsa banking trojan, you should always check the developer of the application you are trying to get. Also, verify the reviews, especially the negative ones. In addition, always check for companies with a good reputation. On top of that, check the list of permissions new apps use and verify anything suspicious on the internet. After all, there is no point in giving a voice recording app access to your photos.

In a nutshell, there are many ways in which threat actors can use the Anatsa banking trojan. Thus, you should always be extra cautious when you install new apps from Google Play or other stores. Also, keep in mind to always check the permissions required by apps. In addition, by reporting the suspicious applications, you will help Google remove them.

Unfortunately, there are various malware affecting devices, such as TicTacToe, DarkMe, Akira Ransomware and Ov3r_Stealer. Also, check the following article to learn more about the Anatsa banking trojan as reported by Bleeping Computer.

What are your thoughts? Did you install any of the applications mentioned? Let us know in the comments.

More about the topics: Google, Google services

User forum

0 messages