- Security researchers found a PDF app for Android that has a bank Trojan
- Trojan was introduced with a patch, six weeks after release
- It had more than 50,000 downloads so users had to take care
A dangerous Android Banking Trojan has found a way to the Google Play store again, which potentially influences tens of thousands of North American users, experts have warned.
Security researchers from threat Fabric found an app in the Play Store, called ‘Document Viewer – File Reader’, published by a company called ‘Hybrid Cars Simulator, Operation & Racing’ for approx. two months ago and has gathered a significant subsequent – approx. 50,000 people.
Until recently, the app was clean and worked as intended. Then, between June 24 and 30, it received an update that made it a bank Trojan called Anatsa.
How to remain safe
This is a well -known piece of malware smuggled into the Play Store on several occasions in the past.
Bleeping computer Requirements In November 2021, researchers found a Trojanized app with 300,000 downloads, and in June 2023 a separate one with 30,000 downloads. In February 2024 there was another app with Anatsa, which counts 150,000 downloads, and in May of that year, two apps with 70,000 downloads between them.
Each time, Google removes apps but attackers seem to find a way back.
Anatsa is a bank Trojan that first scans the victim’s mobile device looking for North American bank apps.
If it finds anyone, it serves them an overlay that grabs credentials and other login data that give attackers the opportunity to log in to accounts and make transactions. At the same time, the victims are presented with a message that the app is undergoing scheduled maintenance.
The app is now removed from the Play Store and if you have it installed, it would be wise to remove it and then run a complete system scan using Play Protect. Resetting Bank Account -Aditimation Information will also be advised.
“All of these identified malicious apps have been removed from Google Play,” a Google spokesman told Bleeping computer. “Users are automatically protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”
Via Bleeping computer
