Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

May 29, 2024 at 11:09AM A new campaign targets Brazilian banks with a Windows-based AllaSenha RAT, using Azure cloud as C2 infrastructure. The attack begins with a malicious LNK file disguised as a PDF, hosted since March 2024. The BPyCode launcher fetches and executes malicious files to steal banking credentials. Additionally, Anatsa Android Banking Trojan …

Over 90 malicious Android apps with 5.5M installs found on Google Play

May 28, 2024 at 05:51PM Summary: Over 90 malicious Android apps, including the Anatsa banking trojan, were found on Google Play, amassing over 5.5 million installations. Anatsa targets financial institutions, using deceptive decoy apps and multi-stage payload loading to evade detection. Though they account for only 3% of total malicious downloads, Anatsa and Coper pose a high risk of on-device fraud. Review …

90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play

May 28, 2024 at 11:02AM Over 90 malicious mobile apps, including the Anatsa banking Trojan, have been downloaded over 5.5M times from the Google Play store. These apps act as decoys and spread various malware. The Anatsa Trojan uses evasive tactics to steal sensitive banking credentials, primarily targeting Android users in Europe but expanding globally. …

Anatsa Android Banking Trojan Continues to Spread via Google Play

February 20, 2024 at 07:15AM Anatsa, an Android banking trojan, has intensified its targeted attacks on mobile banking apps. With over 600 target apps worldwide, Anatsa’s malicious droppers have gained 30,000 installs via Google Play. The trojan allows fraudulent transactions and has expanded its campaign to new regions, evading Google’s Play Store restrictions. ThreatFabric warns …

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

February 19, 2024 at 06:21AM The Android banking trojan Anatsa has extended its reach to Slovakia, Slovenia, and Czechia in a new campaign observed in November 2023, exploiting the accessibility service and bypassing Google Play’s protections. Anatsa targets banking customers with dropper apps on the Play Store, gaining control over devices, stealing credentials, and perpetrating fraudulent …