This week, security research group Zscaler reported they had discovered over 90 malicious Android apps available on the Play Store. The apps had been installed more than 5.5 million times collectively, and many were part of the ongoing Anatsa malware campaign, which has targeted more than 650 apps tied to financial institutions.
As of February of 2024, Anatsa infected at least 150,000 devices via several decoy apps, many of which are marketed as productivity software. While we don't know the identities of most of the apps involved in this latest attack, we do know about two: PDF Reader & File Manager, as well as QR Reader & File Manager. At the time of Zscaler’s investigation, the two apps had garnered over 70,000 installs between them.
Despite Google’s review process for apps applying to the Play Store, malware campaigns like Anatsa are sneaky, and can utilize a multi-stage payload loading mechanism to help them evade these reviews. In other words, the app masquerade as legitimate, and only start a stealthy infection once installed on the user's device.
You might think you're downloading a PDF reader, but once installed and opened, the "dropper" app will connect to a C2 server and retrieve the configurations and essential strings that it needs. It will then download a DEX file containing the malicious code and activate it on your device. From there, the Anatsa payload URL is downloaded through a configuration file, and that DEX file installs the malware payload, completing the process and infecting your phone.
Luckily, all identified apps have been removed from the Play Store, and their developers have been banned. However, that won't delete these apps from your smartphone if you downloaded them. If you have either of these two apps on your phone, uninstall them immediately. You should also change the passcodes of any banking apps that you might have used on your phone to avoid your accounts being accessed by the threat actors behind Anatsa.
While malicious developers can be tricky with their attacks, there are some tips you can follow to determine if an app on the Play Store is legitimate. The first is to really pay attention to the app's listing: Look at its name, the description, and its images: Does everything match with the service the developers are advertising? Is the copy well written, or is it riddled with mistakes? The less professional the page appears, the more likely it is to be a fake.
Only download apps from publishers you can trust. This is especially true if you’re downloading a popular app, as malware apps sometimes impersonate high-profile apps on phones and other devices. Double-check the developer behind the app to make sure they're who they purport to be.
You should also check the requirements and permissions that the app asks for. Anything that asks for accessibility should usually be avoided, as this is one of the main ways that malware groups bypass the security parameters placed on many newer devices. Other permissions to look out for include apps asking for access to your contact list and SMS. If a PDF reader wants your contacts, that's a big red flag.
Read through the reviews for the app, as well. Watch out for apps that don't have many ratings, or ones where all the reviews seem suspiciously positive.
The app's support email address can also be telling. Many malware apps will have a random Gmail account (or other free email account) tied to their support email. While not every app will have a professional email listed for support, you can usually tell if something might be sketchy based on the information that the group provides.
Unfortunately, there’s no surefire way to avoid malware apps unless you don’t install apps at all. But, if you’re mindful of the apps that you’re installing and pay attention to the permissions, developer, and other important information, you can usually pick up on whether or not an app is sketchy.
Microsoft has largely billed its AI chatbot, Copilot, as a free-to-use AI experience. You can download the app, call up the chatbot in Windows 11, or
Ultrawide monitors can help you save space and (sometimes) money compared to having two separate monitors. The 29-inch LG UltraWide monitor can do bot
I've waited a long time for an iPhone upgrade, and I've decided this is finally the year I make the switch. With the iPhone 16 series, I've seen enoug
The Pixel 9 Pro Fold is expensive. That's not news for anyone who follows smartphones closely, particular the foldable variety. As David Nield explain
So you've finally decided to quit X. If the boosting of paid blue checks and monetized hate didn't do it, and the stupid name change didn't do it, may
I’ve never really understood outdoor Christmas lighting—it seemed like a lot of work to put it up and take it all down every year. But last year, I go
We are a dynamic information platform dedicated to delivering timely, relevant, and reliable content across a broad spectrum of topics. From the latest in technology and business to lifestyle, health, and global affairs, we aim to keep our readers informed and inspired.
Our editorial team is committed to maintaining high standards of accuracy and clarity, ensuring that every article provides value and context in an ever-changing world. We believe in the importance of accessible knowledge and strive to make complex topics understandable for everyone.
Whether you're here to stay updated on current events, explore thought-provoking features, or simply learn something new, our goal is to offer a trustworthy source of information that meets the needs of a diverse and curious audience.