Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

February 19, 2024 at 06:21AM

The Android banking trojan Anatsa has extended its reach to Slovakia, Slovenia, and Czechia in a new campaign observed in November 2023, abusing the accessibility service and bypassing Google Play’s protections. Anatsa targets banking customers through dropper apps on the Play Store, gaining control over devices, stealing credentials, and carrying out fraudulent transactions. The latest iteration uses a phone cleaner app to introduce the malicious behavior.

Key takeaways:
1. An Android banking trojan named Anatsa, also known as TeaBot and Toddler, has expanded its focus to include Slovakia, Slovenia, and Czechia, with a new campaign observed in November 2023.
2. The trojan is distributed as seemingly innocuous apps on the Google Play Store and can bypass security measures to gain sensitive permissions.
3. Anatsa has the capability to gain full control over infected devices, execute actions on a victim’s behalf, and steal credentials for fraudulent transactions.
4. The trojan’s latest iteration in November 2023 was disguised as a phone cleaner app and utilized malicious code to exploit the AccessibilityService functionality, targeting Samsung devices.
5. The campaign prefers concentrated attacks on specific regions and financial organizations, resulting in a high number of fraud cases in a short time.
6. Another campaign detailed by Fortinet FortiGuard Labs distributes the SpyNote remote access trojan, targeting cryptocurrency wallets by abusing the accessibility API.
