The Anatsa trojan has been cleaning out the bank accounts of Android users by taking over mobile banking apps. It is a dangerous form of malware that hides itself in seemingly innocent apps such as PDF readers (this is called a trojan horse). Trojan horses are among the most pervasive forms of malware because you can’t see them.
They cause millions of infections and robberies per year, and are frequently distributed via the official Google Play app store. During the Anatsa trojan’s last campaign, the malware was downloaded over 300,000 times. The Anatsa trojan has been updated and has been wreaking havoc since March 2023. Bank account users in the United States, United Kingdom, Germany, Austria, and Switzerland have been affected by the Anatsa malware.
Customers at big banks such as JP Morgan, Capital One, TD Bank, Schwab, and Navy Federal Credit Union are vulnerable to this malware as well.
How To Protect Yourself From The Anatsa Trojan
To protect yourself from the Anatsa trojan:
Carefully verify that the apps you download from the app store are genuine. Google Play shows a display name for each app up front (for example, ‘Brave Browser’) as well as an ID that starts with ‘com.’ (for example, ‘com.brave.browser’, which is a legitimate Google Play Store ID). Hover over the ID to see whether the company name and app name look suspicious, don’t match the original name, or contain other unrelated names.
Avoid the following suspect apps:
- PDF Reader – Edit & View PDF – lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
- PDF Reader & Editor – com.proderstarler.pdfsignature
- PDF Reader & Editor – moh.filemanagerrespdf
- All Document Reader & Editor – com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
- All Document Reader and Viewer – com.muchlensoka.pdfcreator
I highlighted the IDs in red. You’ll see them when you hover over their app store listings.
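The ID check above can also be run against a device's package inventory. The script below is an added example, not part of the original article: it reads `package:<id>` lines (the format printed by `adb shell pm list packages`) or Google Play listing URLs and reports any ID from the list above. The function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Package IDs copied exactly as they appear in the article's list.
ANATSA_IDS='lsstudio.pdfreader.powerfultool.allinonepdf.goodpdftools
com.proderstarler.pdfsignature
moh.filemanagerrespdf
com.mikijaki.documents.pdfreader.xlsx.csv.ppt.docs
com.muchlensoka.pdfcreator'

# find_flagged: read an inventory on stdin, print every listed ID found.
# Accepts "package:<id>" lines and Play Store URLs carrying "id=<id>".
# Exit status is 0 when at least one listed ID is present, 1 otherwise.
find_flagged() {
    # 1. drop carriage returns (adb output may end lines with CR)
    # 2. reduce each line to the bare package ID
    # 3. match whole lines only, so lookalike IDs with extra parts are ignored
    tr -d '\r' |
    sed -e 's/^package://' -e 's/^.*[?&]id=\([^&]*\).*$/\1/' |
    grep -Fx -e "$ANATSA_IDS"
}

# Constructed sample inventory (not real device output).
sample_inventory() {
    printf 'package:com.android.chrome\n'
    printf 'package:com.muchlensoka.pdfcreator\r\n'
    # Constructed lookalike: longer than a listed ID, must not match.
    printf 'package:com.muchlensoka.pdfcreator.viewer\n'
    printf 'https://play.google.com/store/apps/details?id=moh.filemanagerrespdf&hl=en\n'
    printf 'https://play.google.com/store/apps/details?id=com.brave.browser\n'
}

if hits=$(sample_inventory | find_flagged); then
    # $hits is left unquoted on purpose: one output line per flagged ID.
    printf 'Listed package found: %s\n' $hits
else
    echo 'No listed packages found.'
fi
```

On a connected device the same function can be fed directly, as in `adb shell pm list packages | find_flagged`.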