Recently, researchers at Zscaler, a cloud security firm, discovered over 90 malicious Android applications on Google Play with more than 5.5 million installations.
These apps were found to be associated with a dangerous banking malware called Anatsa (also known as TeaBot). Initially, these apps appear harmless, but they later download malicious code or command and control (C2) servers disguised as legitimate application updates.
Once the malware infects a device, it scans for banking apps and sends any detected information to the C2 server. Subsequently, the server sends back a fake login page to the targeted applications, allowing hackers to steal the user’s credentials and potentially their money.
Two applications Zscaler identified as infected with Anatsa are PDF Reader & File Manager and QR Reader & File Manager. While the malware primarily targets applications from financial institutions in the UK, it has also affected users in the US, Germany, Spain, Finland, South Korea, and Singapore.
Although the specific names of the infected apps were not disclosed, the two mentioned above are no longer available on the Google Play store. Users need to remain cautious, regardless of their location.
