Android users are on high alert following the discovery of several apps spreading dangerous banking malware. Numerous applications, downloaded millions of times, have been identified as potential threats on the Google Play Store. The security firm Zscaler’s ThreatLabz was the first to detect the issue, uncovering the presence of the Anatsa malware in many of these risky apps.
Anatsa, malware that emerged in 2020, is capable of stealing credentials, logging keystrokes, and facilitating fraudulent transactions. What makes this threat particularly concerning is its stealthy method of infiltration. It uses a dropper technique: the app appears harmless when it is installed from the official Google Play Store, then discreetly downloads a malicious payload, disguised as an update, from its command-and-control server. This lets it evade detection mechanisms and infect devices effectively.
In addition to Anatsa, other malware attacks have been observed. ThreatLabz reported 77 malicious applications, including the Joker malware, to Google. Joker can perform various malicious actions such as reading and sending text messages, capturing screenshots, making unauthorized phone calls, stealing contact lists, and even enrolling users in premium services without their knowledge.
Zscaler emphasized the importance of scrutinizing app permissions and ensuring they align with the app’s intended functionality. Before installing any software, it is advisable to check reviews, research developers, and activate Google Play Protect, a service that monitors for harmful behavior in apps and devices. This service conducts safety checks on apps before download and provides warnings about potentially harmful applications. It may also deactivate or remove harmful apps from devices automatically.