Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

May 29, 2024, 1:29 p.m.

Description

Threat actors are distributing the Anatsa Android banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, Anatsa downloads its payload and steals sensitive banking credentials through the use of overlays. Anatsa has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.

External References

https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
https://otx.alienvault.com/pulse/6655bb0af84356806f384f5a
Tags
android
2024-05-28
banking trojan
anatsa
teabot

Date

  • Created: May 28, 2024, 11:07 a.m.
  • Published: May 28, 2024, 11:07 a.m.
  • Modified: May 29, 2024, 1:29 p.m.

Attack Patterns

  • Anatsa
  • Anatsa
  • T1432
  • T1516
  • T1412
  • T1430
  • T1407
  • T1548
  • T1444
  • T1546
  • T1005
  • T1406

Additional Informations

  • Banking
  • Finland
  • Singapore
  • Spain
  • Germany
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America