Anatsa was discovered by ThreatFabric in January 2021.
It is a rather advanced Android banking trojan with RAT and semi-ATS capabilities.
The first dropper was discovered in June 2021 masquerading as an app for scanning documents.
In total, ThreatFabric analysts were able to identify 6 Anatsa droppers published in Google Play since June 2021.
These apps posed as QR code scanners, PDF scanners, and cryptocurrency apps.
Actors behind it took care in making their apps look legitimate and useful.
There are large numbers of positive reviews for the apps.
The number of installations and the presence of reviews may convince Android users to set up the app.
Additionally, there were dropper installations from Alien (95,000+) and Hydra/Ermac (15,000+) malware families too.
This policing by Google has forced actors to find ways to significantly reduce the footprint of dropper apps.
This makes automated detection a much harder strategy for any organization to adopt.
The Android banking malware ecosystem is evolving rapidly.
source: www.techworm.net