Five more really risky apps have been found. They’re infected with something called the Anatsa trojan. This sneaky virus spies on people’s phones and snatches their bank passwords.
More Android apps have snuck past the Google Play Store’s security. Threat Intelligence found five of them, and they’re really dangerous because they carry the Anatsa banking trojan. These apps used a tricky method to steal people’s online banking info, step by step.
The 5 infected apps discovered
This time, hackers did something different. Instead of hiding the virus in games like before, they put it in apps that seem helpful for managing your phone. There were three PDF file readers and two file managers infected.
The infected apps discovered by Threat Intelligence are these:
- Phone Cleaner
- PDF Viewer
- PDF Reader
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
All these apps have the Anatsa virus in them, and they’ve been downloaded over 130,000 times in Europe. People in the United Kingdom, Spain, Slovakia, Slovenia, and the Czech Republic are the ones mostly affected.
Because these apps are dangerous
These five infected apps have a clever way of spreading and working that helped them get past the Play Store’s defenses and run without anyone noticing for months.
At first, the apps are put on the Play Store without any virus in them. Then, over time, they’re updated with the infected version. But even from the beginning, they ask for certain permissions to work right, like something called “accessibility services.”
These accessibility services are supposed to help people with disabilities use their phones better, especially those who can’t see well. They let apps see what’s on the screen and even read it out loud.
But these same services are being used by bad apps, like these five, to spy on what’s on your screen while you type in important stuff like your bank password.
If a hacker gets your bank details, they can steal your money in no time. They can even read any codes that come to your phone, like those you need to make a payment.
Also, some clues about Samsung phones’ interface, called One UI, were found in these apps’ code. This might mean that these apps were first made to attack Samsung phones, but then they were changed to target all Android phones.
How to protect yourself from these apps
hreat Intelligence told Google about these five apps, and Google quickly took them off the Play Store. So if you try to find them now, you won’t.
Even if you installed them before, they should be gone from your phone now. That’s because Android’s Play Protect system tells phones to get rid of infected apps, which are also taken off the Play Store.
But it’s always smart to check your phone yourself, because Play Protect might not catch everything.
As a good safety tip, always check what permissions apps are asking for. If a PDF reader or a file manager wants to use accessibility services, that’s a red flag.
Emma Waterhouse
Writer and Editor-in-Chief at SereneWings