anatsa
-
Cybersecurity experts have identified a malicious QR code reader app on Google Play that is delivering the notorious Anatsa banking malware.
-
Cybersecurity researchers at Zscaler ThreatLabz have uncovered a sophisticated Android banking trojan called Anatsa (also known as TeaBot) that is actively targeting Android users through seemingly harmless apps in the Google Play Store.
-
Researchers have observed a significant increase in attempts to spread the Anatsa Banking Trojan under the veil of legitimate-looking PDF and QR code reader apps on the Google Play store.
-
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
·
Technical Analysis: As mentioned previously, Anatsa utilizes remote payloads retrieved from C2 servers to carry out further malicious activity.
-
A threat actor is using malware droppers disguised as legitimate mobile apps on Google’s Play store to distribute a dangerous banking Trojan dubbed “Anatsa” to Android users in several European countries.
-
Operators of the SpyNote Android banking trojan have updated the payload to impersonate legitimate cryptocurrency wallets and facilitate cryptocurrency exfiltration, which represents a significant shift from the malware’s prior focus on account credentials, according to Hackread.
-
The Anatsa banking Trojan campaign has been observed increasingly targeting European banks, according to new data by ThreatFabric researchers.