Zscaler has identified more than 90 applications in the Google Play Store infected with Anatsa (also known as Teabot), a notorious Android banking trojan that steals account credentials. Analysis of the code of two of the applications revealed the techniques the cybercriminals use to obtain financial data.
The Play Store is not immune to malware
Anatsa can target over 650 banking applications in Europe, the US, Asia, and the UK. The cybercriminals employ a simple and effective technique to deceive users. Applications such as PDF Reader & File Manager and QR Reader & File Manager, analyzed by Zscaler, appear safe. Initially they contain no malware, so they pass Google's checks.
Once installation is complete, the dropper comes into play: it downloads an update from the C2 (command and control) server. In reality, that update is Anatsa. When the application starts, it gathers various information about the device, some of which is used to detect sandboxes and emulators that researchers might be using.
The malware then downloads a configuration file based on the user's location. This allows it to scan for the banking applications relevant to that country. Like other trojans of its kind, it requests SMS and accessibility permissions.
When the unsuspecting victim opens one of the banking applications, Anatsa overlays a login screen similar to the real one. The login details, including the username, email and password, end up in the hands of the cybercriminals, who then empty the bank account. Two of the infected applications have been removed from the Google Play Store, but it is always better to avoid downloading applications published by unknown developers.