Anatsa Banking Trojan Infects 150,000 Android Devices Through Malicious Apps
-
The Anatsa banking trojan infected at least 150,000 Android devices in Europe through fake apps on Google Play.
-
Anatsa uses dropper apps like fake PDF readers and cleaners that reach Google Play's "Top New Free" section.
-
The malware employs a multi-stage process to bypass Android security protections up to Android 13.
-
Anatsa abuses the Accessibility Service permission meant to aid disabled users to automate infections.
-
New Anatsa campaigns frequently appear with fresh dropper apps, with over 200,000 total downloads likely already.