Over 90 malicious Android apps with 5.5M installs found on Google Play

May 28, 2024 at 05:51PM

Summary: Over 90 malicious Android apps, including the Anatsa banking trojan, were found on Google Play, amassing over 5.5 million installations. Anatsa targets financial institutions, using deceptive decoy apps and multi-stage payload loading to evade detection. Though they account for only 3% of total malicious downloads, Anatsa and Coper pose a high risk of on-device fraud. Review permissions when installing new apps.

The meeting notes show that malicious Android apps on Google Play pose a significant threat, particularly with the resurgence of the Anatsa banking trojan.

Key takeaways include:
1. Over 90 malicious Android apps were found on Google Play, totaling more than 5.5 million downloads. These apps disguised themselves as various categories, including tools, personalization, photography, productivity, and health & fitness apps.
2. The Anatsa banking trojan (also known as “Teabot”) has seen a resurgence and targeted over 650 financial institution applications in Europe, the US, the UK, and Asia.
3. Zscaler’s recent analysis revealed that Anatsa dropper apps, specifically ‘PDF Reader & File Manager’ and ‘QR Reader & File Manager,’ had already amassed 70,000 installations before being removed from Google Play.
4. Anatsa’s sophisticated multi-stage payload loading mechanism, along with anti-analysis checks, made it difficult to detect and allowed the trojan to infect devices and perform fraudulent activities, demonstrating the high risk of malicious apps evading detection.
5. Two other high-risk malware families identified are Coper and Joker, which make up a small percentage of total malicious downloads but pose a significant threat in terms of device fraud and data theft.

Users should be cautious and review requested permissions before installing new apps from Google Play, especially those associated with high-risk activities. The meeting notes did not confirm whether the 90+ malicious apps have been reported to Google for takedown, indicating a need for enhanced communication and collaboration between security researchers and relevant platforms.

These key takeaways highlight the urgency of addressing and preventing the distribution of malicious apps through Google Play to safeguard user data and devices.