Android users are facing a serious threat as a group of apps has been found to be spreading dangerous banking malware. These apps, which have been downloaded millions of times, were all accessible on the Google Play Store, making it easier for them to infect numerous smartphones. The discovery was made by Zscaler’s ThreatLabz team, which identified several apps containing the notorious Anatsa malware.
Anatsa, malware that surfaced in 2020, can steal credentials, record keystrokes, and facilitate fraudulent transactions. What makes it particularly concerning is how it gets onto devices. Using a dropper technique, the app appears harmless at installation, then secretly downloads a malicious payload disguised as an update from its command-and-control server. This tactic lets Anatsa evade detection by the Google Play Store’s security mechanisms and compromise devices.
In addition to Anatsa, other malicious attacks have been identified. ThreatLabz reported 77 harmful applications, including the Joker malware, to Google. Joker is capable of sending unauthorized text messages, capturing screenshots, making calls, stealing contact lists, and even subscribing users to premium services without their consent.
Zscaler emphasized the importance of scrutinizing app permissions and ensuring that they align with the app’s intended functionality before installation. It is advisable for Android users to check reviews, research developers, and activate Google Play Protect, a service that monitors apps and devices for suspicious activities. Google Play Protect also conducts safety checks on apps before downloading, warning users about potentially harmful ones and removing them if necessary.
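One way to make the permission check above repeatable is sketched below as an added example; it is not code from Zscaler or Google. It parses the text printed by `aapt dump permissions` for an APK and flags permissions that match the Joker and dropper behaviours described above but do not fit the app's stated purpose. The permission-to-behaviour mapping, the category names and their allowlists, and the sample dump are assumptions constructed for this example.

```python
import re

# Assumed mapping: permissions that enable behaviours the article describes
# (SMS, calls, contact theft, installing a payload delivered as an "update").
SENSITIVE = {
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.CALL_PHONE": "place calls",
    "android.permission.READ_CONTACTS": "read the contact list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other packages",
}

# Hypothetical allowlists: sensitive permissions that fit each app category.
EXPECTED = {
    "pdf_reader": set(),
    "sms_client": {
        "android.permission.SEND_SMS",
        "android.permission.READ_SMS",
        "android.permission.READ_CONTACTS",
    },
}

# Matches both aapt styles: uses-permission: name='X' and uses-permission: X
PERM_RE = re.compile(r"uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)")

# Constructed sample of `aapt dump permissions` output for a document viewer.
SAMPLE_DUMP = """package: com.example.pdfviewer
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.SEND_SMS
"""

def parse_permissions(dump):
    """Return the sorted, de-duplicated permissions declared in the dump."""
    return sorted(set(PERM_RE.findall(dump)))

def audit(dump, category):
    """Return (permission, behaviour) pairs that do not fit the category."""
    allowed = EXPECTED.get(category, set())  # unknown category: allow nothing
    return [(p, SENSITIVE[p]) for p in parse_permissions(dump)
            if p in SENSITIVE and p not in allowed]

if __name__ == "__main__":
    for perm, why in audit(SAMPLE_DUMP, "pdf_reader"):
        print(f"unexpected for a PDF reader: {perm} ({why})")
```

A flagged permission is a prompt for closer review before installation, not proof that the app is malicious.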
By being cautious about app permissions, conducting research, and utilizing security features like Google Play Protect, Android users can better protect themselves from malicious threats when downloading apps.