Urgent warning for Android users over apps that steal your bank details


Urgent warning to Android users about apps stealing your banking information

  • Android users are urged to uninstall apps as the existing Anatsa bug can steal details
  • The malware can access login credentials, mobile banking, and view your balance

Android users in the UK have received an urgent warning about a security threat that could lead to their banking details being stolen.

Discovered by the ThreatFabric security team, the latest threat uses apps uploaded to the Google Play Store to infect phones with the rogue Anatsa banking trojan.

Once installed on a device, the money-stealing bug can steal credentials that can be used to authorize users to log into mobile banking.

Hackers can then take control of someone’s account and access credentials, credit card details, bank balance and payment information, and transfer money with less chance of the cardholder noticing.

An existing bug wreaks havoc for Android users, the dreaded Anatsa impersonating Google Play apps may end up stealing your banking information

ThreatFabric explains, “Since transactions are initiated from the same device that target banking customers regularly use, it has been reported to be a major challenge for bank anti-fraud systems to detect.”

Anatsa is not a new problem, the bug has been causing damage since 2020, but this new malware is now targeting Android users in the UK and US, as well as phone owners in Italy, Germany and France.

According to security researchers from the tech company who have been tracking the activity, the bug has more than 30,000 installs through this method alone.

In March 2023, the attackers launched a new campaign that tricked unwitting victims into downloading Anatsa dropper apps from Google Play.

Threat Fabric says it has seen a total of five new dropper apps pop up on the Play Store in just four months, all masquerading as PDF reader software, according to the Mirror.

Whenever ThreatFabric reported the bug to Google, it got rid of the pain, but the malware quickly returned under a new dropper and guise.

One software called PDF Viewer was downloaded more than 10,000 times before Android caught on.

All infected apps have now been removed from the Play Store. However, if you’ve downloaded any PDF software this year, it might be a good idea to check that it’s from an official source.

This is reported by a Google spokesperson Beeping computerTo: “All of these identified malicious apps have been removed from Google Play and the developers have been banned.

“Google Play Protect also protects users by automatically removing apps known to contain this malware on Android devices running Google Play Services.”

Full list of Google banned apps:

  • PDF Reader – Edit and view PDF
  • PDF reader and editor
  • All document reader and editor
  • All document readers and viewers