US, others impacted by Anatsa Android banking trojan

Online banking customers in the U.S., Austria, Germany, Switzerland, and the U.K., have been subjected to mobile malware attacks distributing the Anatsa Android banking trojan through the Google Play Store since March, reports BleepingComputer. Threat actors behind the campaign have lured victims into downloading malicious Anatsa dropper apps purporting to be office/productivity tools, all of which have been infected after being reviewed by Google, according to a ThreatFabric report. Installation of the apps is then followed by the retrieval of Anatsa payloads from GitHub, with the malware having the capability to exfiltrate bank account credentials, payment information, and credit card details from almost 600 banking apps worldwide. Stolen data is then leveraged to facilitate automated fund exfiltration activities. "Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that it is very challenging for banking anti-fraud systems to detect it," said researchers. A Google spokesperson responded by saying that all of these identified malicious apps have been removed from Google Play and the developers have been banned. The spokesperson added that Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services.