Have an Android phone? Anatsa (a.k.a. TeaBot), a known Android banking malware, targets applications from over 650 financial institutions, primarily in Europe.
It was recently discovered in the Android store and should now have been removed from it, but you need to check that it is not still on your phone. Kudos to the Zscaler ThreatLabz team for this technical analysis. “…over 90 malicious Android apps uploaded to Google Play over the past few months, including a particularly sophisticated trojan called Anatsa. Collectively, the malware apps have been installed over 5.5 million times…”
BLUF (courtesy of ThreatLabz):
> Threat actors are leveraging decoy applications such as PDF readers and QR code readers that act as loaders to deploy the Anatsa (a.k.a., TeaBot) Android malware through the Google Play store.
> Many malicious Android applications in the Google Play store are disguised as tools such as file managers, editors, translators, etc.
> Anatsa’s second-stage payload is disguised as a legitimate application update, tricking victims into believing the malware is genuine.
> The threat actors using Anatsa employ various techniques to evade detection including checking for virtual environments and emulators as well as purposely corrupting the APK’s ZIP headers to hinder static analysis of the malware.
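
The last point mentions deliberately corrupted ZIP headers. As an added example (not from the ThreatLabz analysis or this post), the check below compares each entry's local file header with its central directory record and reports disagreements. The page does not say which fields Anatsa alters, so the compared fields (name, compression method, flags) and the constructed sample archive are assumptions.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4s4H2IH")     # end of central directory record
CDFH = struct.Struct("<4s6H3I5H2I")  # central directory file header
LFH = struct.Struct("<4s5H3I2H")     # local file header

def header_mismatches(data: bytes) -> list:
    """List entries whose local header disagrees with the central directory."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        return ["no end-of-central-directory record"]
    findings = []
    try:
        rec = EOCD.unpack_from(data, pos)
        total, off = rec[4], rec[6]          # entry count, directory offset
        for _ in range(total):
            cen = CDFH.unpack_from(data, off)
            if cen[0] != b"PK\x01\x02":
                findings.append(f"bad central directory signature at {off}")
                break
            c_name = data[off + CDFH.size:off + CDFH.size + cen[10]]
            name = c_name.decode("utf-8", "replace")
            l_off = cen[16]                  # where the local header should be
            loc = LFH.unpack_from(data, l_off)
            l_name = data[l_off + LFH.size:l_off + LFH.size + loc[9]]
            if loc[0] != b"PK\x03\x04":
                findings.append(f"{name}: no local header at offset {l_off}")
            else:
                if l_name != c_name:
                    findings.append(f"{name}: file name differs")
                if loc[3] != cen[4]:
                    findings.append(f"{name}: compression method "
                                    f"local={loc[3]} central={cen[4]}")
                if loc[2] != cen[3]:
                    findings.append(f"{name}: flags differ")
            off += CDFH.size + cen[10] + cen[11] + cen[12]
    except struct.error:
        findings.append("truncated or unreadable header")
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed one-entry archive for the check; not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"constructed sample bytes" * 8)
    raw = bytearray(buf.getvalue())
    if tamper:  # make the local header's method field disagree (offset 8)
        struct.pack_into("<H", raw, 8, 0x1234)
    return bytes(raw)
```

A finding means tools that trust different headers will read the archive differently, which is a reason to inspect the file more closely.
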
Be safe, and if you are in doubt, reach out to us at Cyberleaf for how to secure your enterprise as well as your mobile devices.
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google