
This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don't fall for this
As reported by BleepingComputer, the Anatsa banking trojan is back as part of a new campaign that uses a malicious app posing as a PDF viewer to infect unsuspecting users of the best Android phones.
The discovery was made by security researchers at Threat Fabric who have been tracking Anatsa for years. The banking trojan is often hidden in popular utilities, and to date, it has been downloaded almost a million times.
What makes malware like this particularly dangerous is that it's designed to target popular banking and finance apps. From JP Morgan to Capital One to TD Bank and others, Anatsa can impersonate them all and the banking trojan does this through overlay attacks. While you might think you're logging into your bank account, if your phone is infected, you're actually handing over your credentials to hackers who can then use them to drain your accounts and steal your hard-earned cash.
Here's everything you need to know about this latest Anatsa campaign, including some tips and tricks to help keep you and your devices safe from Android malware.
Although it has since been removed, Threat Fabric's researchers recently found the Anatsa banking trojan hiding in a PDF viewer app on the Google Play Store called 'Document Viewer – File Reader' published by the developer 'Hybrid Cars Simulator, Drift & Racing,' according to a new report.
Based on a screenshot of the app's download page taken by the cybersecurity firm, more than 50,000 Android users downloaded this malicious app before it was taken down. If you did download this app, you should stop what you're doing and manually remove it from your phone immediately.
Just like with other malicious apps, Threat Fabric found that this one used a sneaky tactic where the app was 'clean' until it racked up enough users. Once it became popular, though, its creator or hackers who hijacked the app then added malicious code to it via an update.
As you might have guessed, this injected code contains the Anatsa banking trojan, which is installed on a vulnerable Android device as a separate app. By connecting to a hacker-controlled server, the malware gets a list of targeted apps and then looks for them on the infected device. If any of them are found, overlay attacks are used to steal user credentials from them.
This latest campaign adds a new trick, though, to prevent users from taking action until it's too late. You know those 'down for scheduled maintenance' error messages you often see when trying to check your account balance? Well, Anatsa now shows them too over your legitimate banking apps to hide its malicious activities in the background, and by the time the message is gone, so too are your banking credentials.
Google has since removed the latest malicious app spreading the Anatsa banking trojan from the Play Store. However, if you did download it, you need to remove it and then run a full system scan using Google Play Protect. Likewise, it's also recommended that you reset your bank credentials just in case they ended up in the wrong hands.
While I often recommend sticking to official app stores and not sideloading apps, this doesn't always work because malicious apps do make it onto official stores. For this reason, even if you're extra careful when installing new apps, you could accidentally end up infecting your Android phone with malware.
This is why you want to carefully scrutinize any app you're thinking about installing. Check its rating and reviews on the Play Store, and since these can be faked, you also want to look for external reviews on other sites. Video reviews are even better if you can find them, since they give you a chance to see the app in question in action before you download it.
At the same time, you also want to limit the number of apps you have installed on your phone overall. The reason for this is that with fewer apps, you're less likely to have one of the apps you do have installed go bad after an update.
Likewise, it's always a good idea to stick to known, trusted developers when installing new apps. You also want to ask yourself if you really need a new app or if one of your existing apps or even your phone itself can accomplish the same functionality.
As for staying safe from Android malware, you want to make sure that Google Play Protect is enabled on your phone. This free and pre-installed security app scans all of your existing apps and any new ones you download for malware to help keep you and your devices safe. However, for extra protection, you may want to consider installing one of the best Android antivirus apps alongside it.
Malicious apps are one of the easiest ways for hackers to establish a foothold on your devices, and as a result, I don't see them going away anytime soon. This is why you always need to be extra careful when installing new apps on your phone, even if they come from official app stores.
