#Anatsa

Latest posts tagged with #Anatsa on Bluesky


Alert: Over 50K devices infected via a malicious document reader app on Google Play deploying Anatsa banking trojan. Stay vigilant! #CyberSecurity #Anatsa #BankingTrojan #AndroidSecurity Link: thedailytechfeed.com/malicious-ap...

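The dangers of "Anatsa", the malware running rampant on Android
DNVN - Vietnamese banks have issued a warning about a new type of malware called "Anatsa" that is spreading rapidly on the Android platform. This malware disguises itself as legitimate applications, inserts fake banking application screens to steal passwords and one-time passwords (OTPs), and withdraws funds from customer accounts in just a few seconds.

The dangers of the #malware "#Anatsa" running rampant on #Android - Vietnam.vn

DNVN - Vietnamese banks have issued a warning about a new type of malware called "Anatsa" that is spreading rapidly on the Android platform.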
www.vietnam.vn/ja/nguy-co-t...

Anatsa Unleashed | Android Banking Trojan Targets Over 830 Financial Apps Globally

Episode Title: Anatsa Unleashed: How a Sophisticated Android Banking Trojan Targets Over 830 Financial Apps Globally

In this episode of "Upwardly Mobile," we dive deep into the alarming evolution of Anatsa, a potent Android banking trojan that has significantly expanded its reach, now setting its sights on over 830 financial applications worldwide. First identified in 2020, Anatsa (also known as Teabot or Troddler) grants its operators full control over infected devices, enabling them to perform fraudulent transactions and steal critical bank information, cryptocurrencies, and various other data on behalf of victims.

What You'll Learn in This Episode:

• Anatsa's Expanded Targets: Discover how the Anatsa banking trojan has broadened its scope to include more than 150 new banking and cryptocurrency applications, extending its malicious campaigns to mobile users in new countries like Germany and South Korea.
• Deceptive Distribution Methods: Understand the cunning ways Anatsa spreads, primarily through decoy applications found on the official Google Play Store. These seemingly harmless apps often masquerade as useful tools like PDF viewers, QR code scanners, or phone cleaners, accumulating over 50,000 downloads in some cases. Once installed, they silently fetch a malicious payload disguised as an update from Anatsa's command-and-control (C&C) server.
• Advanced Evasion Techniques: Learn about Anatsa's sophisticated anti-analysis and anti-detection mechanisms, designed to evade security measures. These include decrypting strings at runtime using dynamically generated Data Encryption Standard (DES) keys, performing emulation and device model checks, and periodically altering package names and installation hashes. The malware even hides its DEX payload within corrupted archives that bypass standard static analysis tools.
• How Anatsa Compromises Devices: Find out how Anatsa requests and automatically enables critical accessibility permissions upon installation. This allows it to display overlays on top of legitimate applications, tamper with notifications, receive and read SMS messages, and ultimately present fake banking login pages to steal credentials. The trojan also incorporates keylogging capabilities.
• Industry Response: Hear about the efforts of cybersecurity firms like Zscaler, which identified and reported 77 nefarious applications distributing Anatsa and other malware families, collectively accounting for over 19 million downloads. While Google has since removed these reported applications and states that Google Play Protect offers automatic protection, the continuous evolution of Anatsa highlights the ongoing threat.

Protect Yourself: Cybersecurity experts advise Android users to always verify the permissions that applications request and ensure they align with the intended functionality of the app.

--------------------------------------------------------------------------------

Relevant Links to Source Materials:

• Source 1: SecurityWeek Article on Anatsa: https://www.google.com/url?sa=E&q=https%3A%2F%2Fsecurityweek.com%2Fanatsa-android-banking-trojan-now-targeting-830-financial-apps%2F
• Source 2: Zscaler ThreatLabz Report: https://www.google.com/url?sa=E&q=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fanatsas-latest-updates-android-document-readers-and-deception
• Source 3: BSI Report on Anatsa: https://www.google.com/url?sa=E&q=https%3A%2F%2Fwww.bsi.bund.de%2FEN%2FTheBSI%2FCybernationGermany%2FITsecurityIncident%2FAnatsa_Teabot%2Fanatsa_teabot_node.html

--------------------------------------------------------------------------------

Sponsor: This episode of "Upwardly Mobile" is brought to you by https://approov.io. Learn more about securing your mobile applications at approov.io.

--------------------------------------------------------------------------------

Keywords: Anatsa, Android banking trojan, mobile security, cybersecurity, financial apps, Google Play, malware, credential theft, keylogging, fraudulent transactions, Zscaler, threat intelligence, Android malware, cryptocurrency, mobile banking, data protection, Teabot, Troddler, anti-analysis, C&C server.

📣 New Podcast! "Anatsa Unleashed | Android Banking Trojan Targets Over 830 Financial Apps Globally" on @Spreaker #anatsa #androidmalware #androidtrojan #bankingtrojan #cryptosecurity #googleplay #mobilebanking #securityweek #threatlabz #zscaler

77 malicious apps removed from Google Play Store

Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over 19 million times.

One of the malware families discovered by the researchers is a banking Trojan known as Anatsa or TeaBot. This banking Trojan is a highly sophisticated Android malware, which focuses on stealing banking and cryptocurrency credentials.

Anatsa is a classic case of mobile malware rapidly adapting to security research progress. Its stealth tactics, exploitation of accessibility permissions, and ability to shift between hundreds of financial targets make it an ongoing threat for Android users worldwide.

Also found by the researchers were several types of adware. However, the largest chunk of malicious apps belonged to the Joker malware family, which is notorious for its stealthy behavior. It steals SMS messages, contacts, device info, and enrolls victims in unwanted premium services, which can result in financial losses.

The malware is installed like this:

* It gets added to the Play Store as a benign app with useful and sought-after functionality (e.g. document readers, health trackers, keyboards, and photo apps).
* Once installed, the app acts as a “dropper” which connects to a remote server for instructions and additional payloads, which often ends in the installation of information stealers.
* Anatsa—specifically—uses several methods to avoid detection, such as a well-known Android APK ZIP obfuscator, and downloading each new chunk of code with a separate DES key.

Google says it picked up on the flaws and protected against these malware infections before the researchers published their report. As a consequence, Google Play Protect may send users of the removed apps a push notification, giving them the option to remove the app from their device.

But don’t let that be your only line of defense. We found that Android users are more careful than iPhone users. Let’s keep that up!

## How to protect your Android from malicious apps

Just because something is in the Google Play Store, there is no guarantee that it will remain a non-malicious app. So here are a few extra measures you can take:

* Always check what permissions an app is requesting, and don’t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?
* Occasionally go over your installed apps and remove any you no longer need.
* Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)
* Protect your Android with security software. Your phone needs it just as much as your computer.

* * *

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

77 malicious apps removed from Google Play Store Researchers have found 77 malicious apps in the official Google Play Store, ranging from adware to state of the art banking Trojans. Google has remo...

#Android #News #Anatsa #banking #Trojan #play

Original post on securityweek.com

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps The Anatsa Android banking trojan has expanded its target list to new countries and more cryptocurrency applications. The post Anatsa ...

#Malware #& #Threats #Anatsa #Android #malware #Android […]

[Original post on securityweek.com]


Anatsa malware continues to evolve, targeting over 831 financial institutions worldwide. Stay vigilant and protect your Android device. #CyberSecurity #Anatsa #AndroidMalware #BankingTrojan Link: thedailytechfeed.com/anatsa-malwa...


Android Users at Risk – Anatsa Malware Harvests Credentials and Tracks Keystrokes Cybersecurity researchers at Zscaler ThreatLabz have uncovered significant developments in the Anatsa banking mal...

#Cyber #Security #News #Malware #Anatsa #Malware

Anatsa Android Malware Evolves Evasion Techniques

~Zscaler~
Anatsa banking trojan uses Google Play droppers to target 831+ financial apps with new anti-analysis features.
-
IOCs: 185. 215. 113. 108, 193. 24. 123. 18, 162. 252. 173. 37
-
#Anatsa #Android #Malware #ThreatIntel

ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of July, 2025”
Tags: Anatsa Android apk Ducex Exploits malware Packer TapTrap

Mobile Security & Malware Issue 2st Week of July, 2025 ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of July, 2025”

#Mobile #Public #Anatsa #Android #apk #Ducex #Exploits #malware #Packer #TapTrap

Anatsa Android Banking Trojan Hits 90000 Users with Fake PDF App on Google Play distributing itself

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play reconbee.com/anatsa-andro...

#Anatsa #androidbankingtrojan #bankingtrojan #PDF #googleplay #google #banking #trojan

Anatsa, the banking trojan returns to the Play Store
The banking trojan is back on Android, where it has been found in more than 90 malicious applications installed more than 5.5 million times through the Play Store.

👉 Anatsa, the banking trojan returns to the Play Store
The Anatsa banking trojan is back, spreading malware and adware across more than 90 apps through the Play Store

gomoot.com/anatsa-il-tr...

#Anatsa #android #google #play #store #malware #news #PlayStore #tecnologia #Trojan #Trojan #bancario

Android: 150,000 European users fall victim to the Anatsa malware
The Anatsa banking trojan targets Android devices, and European users in particular: it claimed 150,000 victims in 4 months.

In Europe, the Anatsa malware has already infected more than 150,000 Android devices
www.it-connect.fr/en-europe-le...
#Infosec #Security #Cybersecurity #CeptBiro #Europe #Malware #Anatsa #Android

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries Anatsa Android banking trojan expands to Slovakia, Slovenia, Czechia.

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries
thehackernews.com/2024/02/anat...
#Infosec #Security #Cybersecurity #CeptBiro #Anatsa #Android #Trojan #GooglePlaySecurity
