Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
May 29, 2024, 1:29 p.m.
Description
Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anatsa has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.
Date
Published: May 28, 2024, 11:07 a.m.
Created: May 28, 2024, 11:07 a.m.
Modified: May 29, 2024, 1:29 p.m.
Attack Patterns
Anatsa
T1432
T1516
T1412
T1430
T1407
T1548
T1444
T1546
T1005
T1406
Additional Information
Banking
Finland
Singapore
Spain
Germany
United Kingdom of Great Britain and Northern Ireland
United States of America