NIX Solutions: Anatsa Trojan Infects Google Play Apps

Dozens of apps on Google Play have been infected with the Anatsa Trojan, also known as TeaBot, which steals sensitive user data, including banking information. The amount of malware in the Android app store is reaching a critical level. Cybersecurity experts are sounding the alarm: the Google Play app store is flooded with dozens of malicious apps that have already infected millions of user devices.

According to a study conducted by security technology company Zscaler, attackers are actively using Google Play to distribute the Anatsa Trojan. The Trojan disguises itself as ordinary, useful applications, such as file managers, QR code scanners, and translators. As reported by Extremetech, once such a program is installed on the device, Anatsa downloads malicious code or additional components from the attackers' remote servers without the user noticing. This may look like a normal application update. The Trojan then requests permission to use various functions of the device and scans it for applications from financial organizations and services, such as banks and payment systems. If such applications are detected, Anatsa replaces their interface with fake login pages to steal credentials.

Prevalence and Impact of Anatsa Trojan

Researchers found dozens of similar malicious apps on Google Play, each of which was downloaded an average of 70,000 times. Anatsa is now the fastest-growing threat, yet it accounts for only 2.1% of attacks; more than 50% are Joker and Facestealer Trojans, which are aimed more at stealing social network credentials, SMS messages, and various other information. All of these threats are most often disguised as useful applications for working with QR codes and PDF files, as well as programs for processing photos and personalizing devices.

Using Google Play to distribute malware has proven to be an effective strategy for cybercriminals, notes NIX Solutions. Many users associate the popularity of an application with its reliability and security, and are therefore more willing to download programs that already have a significant number of installations. Attackers advertise their “useful” applications to increase their install counts, which leads to even more device infections and gives them access to the confidential data of a huge number of people around the world. We’ll keep you updated on further developments and security measures to combat these threats.