The Austrian security portal Watchlist-Internet warns of dangerous malware for Android devices. The attackers spreading this malware are sophisticated.
The attackers initially publish only a harmless application on Google Play, the download portal monitored by Google. According to Watchlist-Internet, these are said to be apps such as a PDF viewer or a PDF reader. Users then install these useful-sounding apps on their Android devices. Up to this point, nothing harmful has happened.
Once installed, however, the apps prompt users to download an additional add-on, i.e. an extension. This download no longer comes from the monitored Google Play server, but from a server that the attackers operate. The malware is contained in this subsequently downloaded extension. It is the banking Trojan Anatsa.
The banking Trojan uses its keylogger to record user input. This gives the attackers the owner's access data, and they are reportedly also able to access the users' online banking. However, Watchlist-Internet does not explain exactly how the attackers hijack the entry of the TANs required for online banking. If the TANs are released via the smartphone app, the attackers apparently also have access to them. However, if you use a Chip-TAN generator that is independent of your smartphone, attackers will have a hard time getting to the money in your account.
In any case, with Anatsa the attackers have access to a lot of users’ confidential data.
Anatsa has been known since November 2021 and was already circulating in Germany in the summer of 2023.
How to protect yourself
Download Android apps only from Google Play. Before doing so, read the reviews on Google Play and check the permissions that the app requires on your smartphone. If the installed app then asks you to start another download, do not do so under any circumstances; delete the app instead.
Also install a virus scanner on your Android device.
Here’s how to respond if you’ve already become a victim
Inform your bank immediately. Delete the app and run an up-to-date virus scanner. If necessary, reset your Android device to factory settings.
File a police report, which can also be done online via the police's online reporting portals. Take screenshots if certain processes on the smartphone seem suspicious to you.