Android Banking Malware Distributed via Google Play Store

May 28, 2024, 11:28 a.m.

Description

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anatsa has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.

External References

https://otx.alienvault.com/pulse/6655bb0af84356806f384f5a
Tags
android
2024-05-28
banking trojan
anatsa
teabot

Date

  • Created: May 28, 2024, 11:07 a.m.
  • Published: May 28, 2024, 11:07 a.m.
  • Modified: May 28, 2024, 11:28 a.m.

Indicators

  • 91.215.85.55
  • 185.215.113.31
  • menusand.com
  • becorist.com
Download all indicators here!

Attack Patterns

  • Anatsa
  • Anatsa
  • T1432
  • T1516
  • T1412
  • T1430
  • T1407
  • T1548
  • T1444
  • T1546
  • T1005
  • T1406

Additional Informations

  • Banking
  • Finland
  • Singapore
  • Spain
  • Germany
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America