A new Android malware campaign has been observed pushing the Anatsa banking trojan to target banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023.
"The actors behind Anatsa aim to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions," ThreatFabric said in an analysis published Monday.
The Dutch cybersecurity company said Anatsa-infected Google Play Store dropper apps have accrued over 30,000 installations to date, indicating that the official app storefront has become an effective distribution vector for the malware.
Anatsa, also known by the name TeaBot and Toddler, first emerged in early 2021, and has been observed masquerading as seemingly innocuous utility apps like PDF readers, QR code scanners, and two-factor authentication (2FA) apps on Google Play to siphon users' credentials. It has since become one of the most prolific banking malware, targeting over 400 financial institutions across the world.
The trojan features backdoor-like capabilities to steal data and also performs overlay attacks in order to steal credentials as well as log activities by abusing its permissions to Android's accessibility services API. It can further bypass existing fraud control mechanisms to carry out unauthorized fund transfers.
https://thehackernews.com/2023/06/anatsa-banking-trojan-targeting-users.html?fbclid=IwAR2SuPNaTxj9hcltjAj2qL767Qgz8_ VNW_mmkJmSKSX9fHyC86dcfRv_zec
