February 20, 2024 at 07:15AM
Anatsa, an Android banking trojan, has intensified its targeted attacks on mobile banking apps. With over 600 target apps worldwide, Anatsa’s malicious droppers have gained 30,000 installs via Google Play. The trojan allows fraudulent transactions and has expanded its campaign to new regions, evading Google’s Play Store restrictions. ThreatFabric warns of ongoing and evolving threats.
Key takeaways:
1. The Android banking trojan Anatsa has evolved, with attacks becoming more targeted.
2. Anatsa targets over 600 mobile banking applications globally and infects devices via malicious droppers uploaded to Google Play.
3. Operators of Anatsa can perform various actions on infected devices, including fraudulent transactions.
4. Anatsa’s operators have expanded their targeting to Slovakia, Slovenia, and Czechia.
5. The malware’s tactics include a multi-staged infection process and abuse of Accessibility Services to bypass Android 13’s protections.
6. Anatsa specifically targeted Samsung devices and may adapt to target other manufacturers.
7. The campaign involves five droppers with over 100,000 total installations; continued expansion and new droppers in official stores are anticipated.
8. Anatsa’s threat actors have a history of shifting focus between regions within a single campaign.