Android users are facing a critical situation due to the detection of several apps that are infecting devices with dangerous banking malware. Numerous applications, downloaded by millions of users, have been impacted. These apps were all found on the Google Play Store, contributing to the widespread infection of smartphones.
The presence of this threat was initially identified by the Zscaler’s ThreatLabs team, highlighting the prevalence of the Anatsa bug in many of these harmful apps. Anatsa, a malware strain dating back to 2020, is highly proficient in stealing credentials, keylogging, and facilitating fraudulent transactions.
What sets this attack apart is its stealthy method of infiltration onto devices. The perpetrators utilize a dropper technique, where they disguise a benign-looking application on the official Google Play Store. Once installed, Anatsa covertly downloads a malicious payload pretending to be an update from its command-and-control server, evading detection mechanisms and effectively infecting devices.
In addition to Anatsa, other malicious attacks have been observed. For instance, ThreatLabz has reported 77 malevolent applications from various malware families to Google. Among these threats is the Joker bug, capable of unauthorized actions like reading and sending text messages, capturing screenshots, making phone calls, and pilfering contact lists. It has even been known to enroll victims in premium services without their knowledge.
Zscaler emphasized the importance for Android users to scrutinize app permissions and ensure they align with the app’s intended functionality. Before installing any software, it is advisable to check reviews and research the developer to mitigate risks. Activating Google Play Protect is a proactive step in safeguarding devices, as it monitors apps for malicious behavior, conducts safety checks prior to downloads, and alerts users about potentially harmful apps. The service can also disable or uninstall harmful apps detected on devices.