Despite Google’s efforts to keep Google Play free of malware, malicious actors are finding ways to sneak past its defenses and distribute their malware to the general public. Such is the case of Anatsa, a banking trojan that could potentially drain accounts of their funds. So, what is Anatsa, and how do you spot it?

What Is the Anatsa Banking Trojan?

Anatsa is an Android banking Trojan whose main goal is to steal funds from its victims. It does so by tricking the user into thinking they’re signing into their bank account when they’re actually handing over their login details to a malicious third party.

Banking Trojans are nothing new, and in that respect Anatsa is no different. However, what makes this malware especially notable is how it gets onto people’s phones.


How the Anatsa Trojan Infects Your Phone

While Trojan malware such as Anatsa is often found in third-party app stores, malicious developers have found a way to distribute the malware via Google Play, the official Android app store.

To achieve this, the developers first make or obtain a legitimate app. There are no restrictions on what form this app could take; a report by Zscaler found the malware in a PDF reader and a QR code scanner.


The developer is careful not to put any malicious code into the app itself. Doing so would trigger Google Play’s antivirus measures and block the app from being published. Instead, the developers code a download service disguised as a software updater. In truth, the download service is not meant to update the app; instead, it acts as a Trojan dropper that delivers the malicious Anatsa malware onto the victim’s phone.

How the Anatsa Trojan Steals Your Banking Information

The Anatsa attack begins when the fake app asks the user to update the app. If the user accepts, the app activates the Trojan dropper that delivers Anatsa onto the victim’s phone.

Once it’s installed, Anatsa checks the phone to see if any major banking apps are installed on it. If it finds one, it will pop up a fake login page the next time the victim tries to open the banking app.


This fake login page takes the user’s login details and sends them back to a malicious agent, who can then use the details to access the victim’s bank account. From here, the Anatsa distributor can begin siphoning off funds from the victim’s bank account without the target knowing they’ve been compromised.
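The two behaviours described above, an "updater" that installs a separate package and a fake login page that appears over a banking app, each need capabilities that a PDF reader or QR scanner has no business requesting. The following is an added example, not code from the article or from Zscaler's analysis: a small triage script that parses a decoded AndroidManifest.xml and flags the Android permissions such behaviour would generally require. The mapping of permission to behaviour is a general assumption about Android, not a statement of what Anatsa itself requests, and both manifests are constructed samples with placeholder package names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Assumed mapping (not taken from the article): capabilities a utility app
# would need in order to behave like the dropper/overlay described above.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "can prompt to install APKs it downloaded itself (fake updater / dropper)",
    "android.permission.SYSTEM_ALERT_WINDOW":
        "can draw windows over other apps (fake login page over a banking app)",
    "android.permission.QUERY_ALL_PACKAGES":
        "can enumerate every installed app (checking for banking apps)",
}


def triage_manifest(manifest_xml: str) -> list:
    """Return human-readable findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(NAME_ATTR, "")
        if name in SUSPICIOUS_PERMISSIONS:
            findings.append(f"{name}: {SUSPICIOUS_PERMISSIONS[name]}")
    # A <queries> block lets an app see specific packages even without
    # QUERY_ALL_PACKAGES, so a list of bank package names is worth a look.
    queried = [pkg.get(NAME_ATTR, "")
               for q in root.iter("queries") for pkg in q.iter("package")]
    if queried:
        findings.append("queries specific packages: " + ", ".join(queried))
    return findings


# Constructed sample: what a benign PDF viewer's manifest might declare.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pdfviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed sample: the same "PDF viewer" with dropper/overlay capabilities.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pdfviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <queries>
    <package android:name="com.example.bank"/>
  </queries>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST),
                            ("suspicious", SUSPICIOUS_MANIFEST)):
        print(f"== {label} ==")
        for finding in triage_manifest(manifest) or ["nothing unusual"]:
            print(" -", finding)
```

The decoded manifest can be obtained from an APK with a tool such as apktool; the script deliberately reports capabilities rather than a verdict, because each permission has legitimate uses and it is the combination inside a simple utility app that is the warning sign.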

How to Avoid Being Infected by Anatsa

Unfortunately, the usual advice for avoiding Android malware falls short here. Not only does this malware affect apps on Google Play, but it could theoretically be planted in any kind of app, from a fake copy of a legitimate service to a real app that actually does what it says it does (albeit with a nasty surprise hidden inside).

Check the App’s Trustworthiness Before Downloading It

Despite Anatsa’s sneaky tactics, there are still ways to sniff out a potentially malicious app on Google Play. What you’re primarily looking for is some kind of authority, something that states that the app cannot be trusted. Reviews won’t work here because the agent may sneak Anatsa onto an app that actually does the job people downloaded it to do.

Instead, you’re looking for proof that the app has been around for a long time and has seen a healthy number of downloads since its release. The app’s information sheet, which you can find on its Google Play page, provides both of these details. This is one good way to check if an Android app is safe before you download it.

Failing that, you could always download apps from reputable companies that you know and trust. For example, there’s the Android Adobe Acrobat Reader: Edit PDF app you can use to view PDFs on your phone, and you can be certain it won’t come laced with money-stealing malware bundled in.

Set Up Two-Factor Authentication (2FA) With Your Bank

Finally, it’s a good idea to set up two-factor authentication (2FA) with your bank. Ideally, you’ll want a 2FA service that doesn’t ask for a code from an authenticator. Sometimes, fake login pages will ask for this code as part of the login process, and the scammer can use it the moment they get the information to get into your account.

Instead, you’ll want something that the scammer can’t use themselves if you accidentally hand over your details. For example, I have a secret password with my bank service, and when I log in, it will ask me for specific characters from that password. One time, it may ask for the first, second, and ninth character; the next, it’ll want the second, fifth, and sixth. This is far harder for a scammer to steal; even if they manage to trick you once, they’ll only have a tiny portion of a larger password.
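To show why the partial-password scheme described above limits the damage of a single captured login, here is an added example (not from the article and not any bank's actual implementation) of the server side of such a challenge: it picks random positions, checks only those characters, and demonstrates that the answer captured from one challenge does not satisfy the next. The password, the number of positions and the captured values are all constructed for illustration.

```python
import hmac
import secrets


def make_challenge(password_length: int, k: int = 3) -> tuple:
    """Pick k distinct 1-based character positions using a CSPRNG."""
    rng = secrets.SystemRandom()
    return tuple(sorted(rng.sample(range(1, password_length + 1), k)))


def expected_answer(password: str, positions) -> str:
    """The characters the legitimate user should supply for this challenge."""
    return "".join(password[p - 1] for p in positions)


def verify(password: str, positions, answer: str) -> bool:
    """Constant-time comparison of the supplied characters with the expected ones."""
    return hmac.compare_digest(expected_answer(password, positions).encode(),
                               answer.encode())


def capture(positions, answer: str) -> dict:
    """What a fake login page learns from one successful phish: position -> char."""
    return dict(zip(positions, answer))


def attacker_can_answer(captured: dict, new_positions) -> bool:
    """A replay only works if every position in the new challenge was already seen."""
    return all(p in captured for p in new_positions)


if __name__ == "__main__":
    # Constructed example password; a real service would never hold it like this.
    password = "tr0ub4dor&3"

    first = (1, 2, 9)                      # the challenge the victim was phished on
    leaked = expected_answer(password, first)
    print("phished challenge", first, "leaked", leaked)
    assert verify(password, first, leaked)

    second = (2, 5, 6)                     # the next login's challenge
    print("replaying", leaked, "against", second,
          "->", verify(password, second, leaked))
    print("attacker knows enough for", second, "->",
          attacker_can_answer(capture(first, leaked), second))

    print("fresh random challenge:", make_challenge(len(password)))
```

One design consequence worth knowing: to check individual characters the server must be able to recover each character of the secret, so this scheme cannot be backed by an ordinary salted hash of the whole password, which is a trade-off a bank accepts in exchange for the replay resistance shown above.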

Anatsa is pretty terrifying, and its prevalence in innocent-looking apps on Google Play makes it a nasty piece of work. However, if you only download trustworthy apps from Google Play and set up 2FA with your bank, you should be fine.