We have talked on many occasions about the security risks that target bank accounts. In this case, we echo a new malware, Anatsa, which is distributed through Android with the aim of taking control of victims’ accounts. We are going to explain to you how they are sneaking it in, who exactly it affects, and what you can do to protect yourself from this problem and others like it.
The first thing you should know is that it affects people from Spain, as well as other European countries. Cybercriminals infect devices and, from there, can steal money and compromise privacy. It is essential to prevent this from happening and to do this you can take some measures.
Anatsa, the banking malware that affects Spain
This is a banking Trojan that is distributed through Android applications. The main problem is that these programs have been within Google Play, the official application store. This has caused many users to install these varieties of software thinking they were legitimate, but really not.
According to a group of security researchers at ThreatFabric, since last November there have been at least 150,000 infections with this Trojan. They have not always focused on the same countries or geographic areas. Now it seems to especially affect Spain, the United Kingdom, Germany, the Czech Republic, Slovakia and Slovenia.
What attackers do is exploit the Android accessibility service, so they manage to bypass security measures. It affects different versions up to Android 13. They also use fake applications, which the victim needs to install for the entire attack process to start.
Mainly, they use fake PDF viewer applications. Some programs that affect Android are Phone Cleaner – File Explorer, PDF Reader: File Manager, PDF Reader – Viewer & Editor or PDF Viewer – File Explorer. In total, they have had about 150,000 downloads in recent months.
Tips to avoid problems
What can you do to avoid security problems of this type? Something essential is to be very careful with the applications you install. The first thing is that you must install them from official sources, although you have been able to see that in this case they have snuck the malware into Google Play. However, on official sites you will be less likely to fall into the trap.
Additionally, you should carefully review the permissions requested by that application. Be careful with giving permissions that you don’t really need, since that will expose your security and you will have problems. Even if it seems like a reliable program, check what permissions you are going to give it. We can say that among the most common attacks in recent years, these types of fake applications that ask for permissions are very present.
It is also important to have the system updated correctly. In many cases, attackers will exploit vulnerabilities they find. These failures will open the way for malware to sneak in and potentially break security. Therefore, always make sure you have the operating system updated, as well as any application you use.
In short, be careful when installing applications from Google Play. If you have installed any of the ones we have mentioned, related to reading and editing PDF files, a banking Trojan could have slipped in. It is key to protect your device and avoid problems.
