77 Android apps on Google Play with 19 million installs spread malware, hitting 831 banks and exposing users to fraud and theft.

Brownie2019

A new investigation by Zscaler’s ThreatLabz team has revealed that 77 malicious apps with over 19 million installs were delivering different malware families through the official Google Play Store.
The research focused on a new infection wave of the Anatsa (aka TeaBot) banking trojan, a harmful program first identified in 2020 that has evolved into a more dangerous and sophisticated threat.
The latest Anatsa variant has dramatically expanded its reach, now targeting over 831 financial institutions worldwide from the previous count of 650. The malware’s operators have also included new regions like Germany and South Korea, in addition to popular cryptocurrency platforms.
Many of the decoy applications, which were designed to look like harmless document readers, had individually racked up more than 50,000 downloads, demonstrating the wide reach of the campaign.
Here's the original technical report (Aug 21):


Notable tactics that a user can watch for:
  • After confirming that the C2 server is active and the device meets the necessary criteria, the app will ASK to install an update (not via the Play Store).
  • The installed update will ask for ACCESSIBILITY permissions (the app example analyzed was a file viewer/organizer!)
  • The app categories exploited include: Tools (31.2%), Personalization (20.8%), Entertainment (13%), Art & Design (9.1%), Lifestyle (7.8%)
  • The apps with IOCs in the report have all been removed from the Google Play Store and flagged by Google.
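
The first two tactics in the list above (an update installed from outside the Play Store, followed by an accessibility request) can be checked on a device over adb. This is an added example, not part of the original post or the Zscaler report; the package names and sample command outputs are constructed, and the two adb commands in the comments supply the real input.

```python
# Added example: flag enabled accessibility services whose owning app
# was not installed by Google Play. Feed it the text output of:
#   adb shell pm list packages -i
#   adb shell settings get secure enabled_accessibility_services
PLAY_STORE = "com.android.vending"

def parse_installers(pm_output):
    """Map package name -> installer (None if absent) from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0]] = None if installer in (None, "null") else installer
    return installers

def accessibility_packages(setting_value):
    """Packages owning an enabled service; the setting is a ':'-separated pkg/class list."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def flag_sideloaded_accessibility(pm_output, setting_value):
    """Return (package, installer) pairs that hold accessibility but did not come from Play."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(accessibility_packages(setting_value)):
        installer = installers.get(pkg)
        if installer != PLAY_STORE:
            findings.append((pkg, installer or "unknown"))
    return findings

# Constructed sample data; all package names are hypothetical.
SAMPLE_PM = """package:com.example.docreader  installer=com.android.vending
package:com.example.docreader.update  installer=null
package:com.example.screenreader  installer=com.android.vending
"""
SAMPLE_A11Y = "com.example.docreader.update/.Svc:com.example.screenreader/.ReaderService"

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} (installer: {installer}) holds an accessibility service")
```

Preinstalled system accessibility services can also report no installer, so each finding is a prompt for manual review rather than a verdict.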