Android Users Should Remove These Malicious Apps As Soon As Possible

As reported by Bleeping Computer, the banking Trojan Anatsa is rampant on European smartphones. While we've seen Anatsa wreak havoc on smartphones before, this particular Anatsa campaign targets the UK, Germany, Spain, Slovakia, Slovenia and the Czech Republic and was first discovered by researchers at ThreatFabric in November.

Since then, Anatsa has infected at least 150,000 smartphones, although researchers estimate that number could be as high as 200,000. The attackers behind malware downloaders (apps designed to deliver malware) are also smart: they attach their malware to apps designed to rank in the top three spots in the Play Store’s “Best New Free” category. If the app appears here, it could encourage more users to try it, increasing the number of victims the malware can infect.

How does Anatsa work?

When you install the Anatsa app on your smartphone, it targets the Android accessibility service feature. Designed to help make Android more accessible to the greatest number of users regardless of their abilities, the service has become an entry point for many types of malware as it allows malware to install in the background without the user’s knowledge.

Google targets this kind of abuse of the Accessibility Service, but the malware finds a way. This time, Anatsa apps managed to slip through by offering a fake feature of “apps that drain battery in sleep mode.” Although the end user thinks they are enabling a feature that puts certain applications to sleep in the background, they are actually giving the Anatsa app permission to use the accessibility service.

Once accessibility services are enabled for the app, it downloads the malicious code in specific parts rather than all at once. This is meant to keep it out of sight: if an app downloaded all the malicious code at once, Android might notice and terminate the process. Next, the dropper downloads a file with malicious code, which is used to install the malicious program itself on your device. From here, the app downloads a file with a link to the malware. Finally, it downloads and runs the malware on your phone.

Anatsa is a banking trojan, so it is designed to steal your banking information, such as your bank login details. Attackers can then use this data to steal your money or personal information, making this form of malware especially dangerous.
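Because the accessibility grant described above is what the dropper depends on, one practical check is to list which user-installed apps currently hold an enabled accessibility service. The following is an added example, not code from the original article or from ThreatFabric; the package names and sample outputs are constructed, and it assumes you have captured the output of the two `adb shell` commands named in the comments from a device with USB debugging enabled.

```python
"""Audit which user-installed apps hold an enabled accessibility service."""

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.cleaner/.HibernateService"
)
# Constructed sample of: adb shell pm list packages -3   (user-installed apps only)
SAMPLE_THIRD_PARTY = "package:com.example.cleaner\npackage:com.example.notes\n"


def parse_enabled_services(raw):
    """Map package -> [service class] from the colon-separated setting value."""
    services = {}
    raw = raw.strip()
    if raw in ("", "null"):          # "null" is printed when the setting is unset
        return services
    for component in raw.split(":"):
        package, sep, cls = component.strip().partition("/")
        if not sep or not package:   # skip malformed entries
            continue
        if cls.startswith("."):      # expand shorthand ".Service" class names
            cls = package + cls
        services.setdefault(package, []).append(cls)
    return services


def parse_packages(raw):
    """Extract package names from `pm list packages` output lines."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}


def audit(enabled_raw, third_party_raw, allowlist=frozenset()):
    """Return (package, service) pairs for user-installed apps that hold an
    accessibility service and are not on the caller's reviewed allowlist."""
    enabled = parse_enabled_services(enabled_raw)
    third_party = parse_packages(third_party_raw)
    return sorted((pkg, cls)
                  for pkg, classes in enabled.items()
                  if pkg in third_party and pkg not in allowlist
                  for cls in classes)


if __name__ == "__main__":
    for pkg, cls in audit(SAMPLE_ENABLED, SAMPLE_THIRD_PARTY):
        print(f"review: {pkg} holds accessibility service {cls}")
```

Any package this reports is one to review by hand: a cleaner or PDF app has no obvious reason to hold an accessibility service.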

Which apps contain Anatsa malware?

According to the study, the following five apps were responsible for 150,000 (or 200,000) downloads of Anatsa in Europe:

  1. Phone Cleaner – Explorer

  2. PDF Viewer – Explorer

  3. PDF Reader – viewer and editor

  4. Phone Cleaner: Explorer

  5. PDF Reader: file manager

Of course, if you recognize any of these names and you have any of these apps on your device, uninstall them as soon as possible. Luckily, you won’t be able to download them anymore: Google has removed them from the Play Store. However, this alone will not remove them from the devices on which they are installed. So make sure you don’t use any of these apps even if you don’t live in the target countries.

How to protect yourself from malware droppers

Apps containing malware or instructions to install malware are finding new ways to trick users into downloading them. However, there are some common guidelines you can use to protect yourself in the future.

First, avoid any apps that advertise themselves as improving your phone’s performance or quality, unless they come from a recognizable name and have a large following. Malicious actors know that users are looking for these types of apps and design their droppers to look like them.

When you start to feel more skeptical about these apps, take a closer look at their Play Store pages as well. Make sure that the text is well written and does not contain simple spelling and grammatical errors. A legitimate application usually takes great care to ensure that everything is correct. Also, make sure the images are high quality and truly showcase what the app is advertising.

Finally, scroll through the reviews. Look through recent reviews as well as the most critical ones, looking for those who complain that the app makes their phone behave worse. Some may directly accuse the application of installing malware, so be careful. If the reviews don’t seem right to you, or if past reviews seem to describe a different app, it’s best not to bother with that app to begin with.
