Today > 1 Critical | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

May 29, 2024, 1:29 p.m.

Description

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anatsa has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.

Date

Published: May 28, 2024, 11:07 a.m.

Created: May 28, 2024, 11:07 a.m.

Modified: May 29, 2024, 1:29 p.m.

Attack Patterns

Anatsa

Anatsa

T1432

T1516

T1412

T1430

T1407

T1548

T1444

T1546

T1005

T1406

Additional Informations

Banking

Finland

Singapore

Spain

Germany

United Kingdom of Great Britain and Northern Ireland

United States of America