Here’s the thing: our Android smartphones have become super handy. They’re like Swiss army knives, juggling everything from chats with friends to last-minute emails to managing our finances. But guess what? A new virtual bad guy on the block, the Anatsa banking trojan, is targeting our Androids. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

This isn’t some small-scale operation, either. Since March 2023, Anatsa has been wreaking havoc in the U.S., U.K., Germany, Austria, and Switzerland. And guess what else? This isn’t the Trojan’s first rodeo. Back in November 2021, Anatsa malware was downloaded over 300,000 times. Now, it’s back with even more capabilities, taking over close to 600 different financial Apps and committing fraud right on an infected device. Big banks like JP Morgan, Capital One, and TD Bank are in the crosshairs, too.

The cybercriminals behind Anatsa are like pesky cockroaches, tough to get rid of. After taking a break for a few months, they launched a new campaign in March. Their strategy? They’re dressing up malware as productivity apps like PDF editors and office suites. Here’s the sneaky part: when they first submit these apps to Google, they’re clean. The malware gets added later, allowing them to pass Google’s security checks. 

MORE: ANDROID SECRET TIP: HOW TO MAKE YOUR PHONE SHOW A SPLIT SCREEN 

Once Anatsa gets on your phone, it starts collecting a ton of financial information like bank account credentials, credit card details, payment info, and more. It does this through overlays that pop up when you open one of the targeted banking apps. Instead of simply stealing the info and running, Anatsa commits fraud right there on your device by launching a banking app and making transactions. All the stolen funds are then converted into cryptocurrency and sent back to the hackers after passing through a network of money mules. 

Security pros at ThreatFabric found that the hackers are using Anatsa to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions. ThreatFabric identified five malicious apps that the bad guys are using to drain bank accounts: 

PDF Reader – Edit & View PDF -lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools 

PDF Reader & Editor – com.proderstarler.pdfsignature 

PDF Reader & Editor - moh.filemanagerrespdf 

All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs 

All Document Reader and Viewer - com.muchlensoka.pdfcreator 

MORE: HOW TO TELL IF SOMEONE IS SNOOPING ON YOUR ANDROID 

All these apps have been pulled from the Play Store, although if they’re on your Android, you must get rid of them manually by uninstalling them. 

Settings may vary depending on your Android phone’s manufacturer  

Open the Settings app 

Scroll down and select Apps 

Tap on the app you want to delete and select Uninstall 

Confirm your choice by tapping OK or Uninstall again 

As mentioned earlier, all identified malicious apps have been removed from Google Play, and the developers have been banned. Google took action after being notified by ThreatFabric. Plus, Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. 

I recommend going beyond Google Play Protect to keep yourself from having your data breached. As we all know, free is not always the way to go, especially when we are talking about antivirus protection. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information. 

See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to Cyberguy.com/LockUpYourTech

Related: Free antivirus: should you use it?

MORE: HOW TO CHANGE YOUR PRIVACY SETTINGS ON YOUR ANDROID DEVICES 

So how else can you keep your phone safe from these cyber pests? Think twice before installing a new app. Do you really need it? If you’re unsure, check reviews and ratings. Video reviews can be super helpful as they show the app in action and are harder to fake. 

We live in a digital age where our lives revolve around our Android smartphones. These devices are incredible tools yet can also be potential targets for threats like the Anatsa banking trojan. By staying informed, keeping a watchful eye on your apps, and following a few key security practices, you can ensure you’re not making it easy for the bad guys. 

What steps will you take to protect your Android smartphone and keep your hard-earned money safe? Are you considering any extra precautions to bolster your defenses against threats like Anatsa? Let us know by writing us at Cyberguy.com/Contact 

For more of my security alerts like this one, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter 

Copyright 2023 CyberGuy.com. All rights reserved. 

source https://www.foxnews.com/tech/android-users-risk-banking-trojan-targets-more-apps