• Home
  • Mobiles
  • Mobiles News
  • Nefarious Anatsa Android Trojan Caught Stealing Banking Information and Performing On Device Fraud

Nefarious Anatsa Android Trojan Caught Stealing Banking Information and Performing On-Device Fraud

The Anatsa banking trojan targets nearly 600 banking apps from several countries on Android smartphones.

Nefarious Anatsa Android Trojan Caught Stealing Banking Information and Performing On-Device Fraud

Photo Credit: Pixabay/ @neotam

Users who have installed Anatsa trojan-infected apps must manally remove them from their handsets

  • Anatsa is being used to target customers in various countries
  • The malware was being spread through the Google Play store via droppers
  • The Anatsa banking trojan can evade fraud detection on real banking apps

Researchers have discovered the use of an Android banking trojan to collect the financial informational of users in several countries. The Anatsa trojan, which was previously discovered by the same security research firm two years ago, has been used via a few apps on the Play Store masquerading as productivity and office apps, with over 30,000 downloads. The malware creators publish clean apps to Google's app store to evade detection during the initial review, then update them with malicious code. Users who have downloaded these infected applications will have to manually remove them from their smartphones.

Security firm ThreatFabric has published details of the Anatsa banking trojan that infected a few applications on the Play Store that were marketed as "office" apps (for documents and spreadsheets) and PDF viewer and editor apps. After a user installs one of the infected applications, it connects to a GitHub server to download the malware, which poses as an "add-on" for the apps — such as an optical character recognition (OCR) tool for documents and PDFs, according to the firm.

anatsa trojan banks threatfabric threatfabric

ThreatFabric's list of some of the banking apps affected by the trojan
Photo Credit: Screenshot/ ThreatFabric


The banking trojan will then target nearly 600 banking apps from several countries including the Capital One and JP Morgan Mobile apps in the US, as well as banking apps from Australia, France, Germany, Italy, the UK, South Korea, Sweden, and Switzerland. It displays a phishing page on the user's screen when they attempt to open their banking app. The malware can then steal credit card information, login credentials, PIN numbers, via logging keystrokes.

What makes the Anatsa banking trojan truly nefarious is that it can use the information gleaned from the victim to load the legitimate banking apps and transfer funds from their account. The security firm explains that this makes it difficult for anti-fraud systems used by banks to identify the automated, illegitimate transaction. These funds are then transferred to the Anatsa operators in the form of cryptocurrency, according to ThreatFabric.

App Android package name
PDF Reader - Edit & View PDF lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
PDF Reader & Editor com.proderstarler.pdfsignature
PDF Reader & Editor moh.filemanagerrespdf
All Document Reader & Editor com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
All Document Reader and Viewer com.muchlensoka.pdfcreator


Users who have installed the "droppers" for the Anatsa trojan — identified by ThreatFabric and listed in the table above — will have to manually uninstall these apps from their smartphones. The apps have already been removed from the Play Store, according to the security firm, which previously discovered the trojan in 2021.

ThreatFabric notes that even after Google removed the apps infected with the Anatsa trojan, the creators would promptly upload a new version of the app, disguised once again, to the Play Store. In order to stay safe from these nefarious trojans, users should opt for well-known apps and avoid installing those that have a few downloads, while checking the user reviews for reports of theft of information or fraud.

Is the Xiaomi Pad 6 the best Android tablet you can buy under Rs. 30,000 in India? We discuss the company's latest mid-range tablet on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
OnePlus Nord CE 3 Price in India Tipped Ahead of July 5 Launch
US State Washington Plans to Mandate Tesla's Plug for EV Charging Companies
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »