The Anatsa Trojan, also known as TeaBot, has reportedly infected dozens of applications on Google Play. This malware steals users’ confidential data, including banking information, and its spread points to a critical level of malicious software on the Android app store.
Cybersecurity Threat in Google Play
According to research conducted by Zscaler, a company specializing in security technology, hackers have been actively using Google Play to distribute the Anatsa Trojan. The Trojan disguises itself as ordinary, useful apps such as file managers, QR code scanners, and translators. Dozens of these malicious programs have infiltrated Google Play, infecting millions of user devices.
As reported by Extremetech, once one of these programs is installed on a device, Anatsa silently downloads malicious code or additional components from the hackers’ remote servers. This typically appears as a regular app update. The Trojan then requests permission to use various device functions before scanning for applications and services of financial organizations such as banks and payment systems. If such apps are found, Anatsa replaces their interface with fake login pages to steal account details.
Scale of the Cyber-Attack
Researchers found dozens of such malicious programs in Google Play; each program was downloaded an average of 70,000 times. Although Anatsa is currently the fastest-growing threat, it accounts for only 2.1% of attacks. Over 50% of attacks came from the Joker and Facestealer Trojans, which largely aim to steal social media account data, SMS messages, and various other information.
Most of these malicious programs disguise themselves as useful apps for handling QR codes and PDF files, image processing software, and device personalization programs. Cybercriminals have found that leveraging Google Play for malware distribution is an effective strategy. This is because many users correlate an app’s popularity with its reliability and security and are thus more likely to download apps with a significant number of installations. The hackers advertise their “useful” apps, boosting their installation figures, which leads to more device infections and gives them access to the confidential data of enormous numbers of people worldwide.