UK, US, and DACH are all affected by the latest campaign of the Anatsa banking Trojan.
ThreatFabric's cyber fraud specialists have been tracking several active Google Play Store dropper campaigns that distribute the Android banking Trojan Anatsa, which has more than 30,000 installations as of March 2023. In this latest Anatsa wave, the threat actors have taken an interest in new institutions from the US, UK, and DACH region. Our fraud intelligence platform confirmed the presence of this malware family, which now targets a number of Android banking apps from these countries.

Due to Anatsa's extremely sophisticated Device-Takeover capabilities, which may bypass a wide range of existing fraud protection methods, ThreatFabric is aware of numerous proven fraud incidents with confirmed losses. These cases were undoubtedly caused by the Trojan.
The ongoing campaign focuses on banks from the US, UK, and DACH, and the malware has around 600 financial applications from around the world on its target list. To start fraudulent activities, the actors behind Anatsa aim to steal the authorization codes that customers use in mobile banking applications.
Anatsa droppers

| APP NAME | PACKAGE NAME | SHA-256 |
|---|---|---|
| PDF Reader - Edit & View PDF | lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools | ecce34c0ba83120ccf1f8e1640cd867fbfeb490dbc8a41d1cf8c577d508819c3 |
| PDF Reader & Editor | com.proderstarler.pdfsignature | 128820e1c5d62523f675042da9d1e11af3191217afe308bcc17e51ad8c2ece03 |
| PDF Reader & Editor | moh.filemanagerrespdf | 7231546ee377738cbe9075791eb6e76b7bc163c1b91831e05e81b4756fff4028 |
| All Document Reader & Editor | com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs | 3740e6b4d259efe6a72f503429fb67db96363935a29f7428ccab5b78fa9bee73 |
| All Document Reader and Viewer | com.muchlensoka.pdfcreator | db7df65f2699817fa3ebfb3ebef106a3801a96b9da1ba6d88e727a253ae34da6 |