Anatsa Banking Trojan Targets Banks in US, UK and DACH Region
Threat actors using the notorious banking Trojan Anatsa have launched a new campaign targeting banks in the US, UK and the DACH region (Germany, Austria and Switzerland).
According to a new blog post by ThreatFabric, this ongoing campaign started around March 2023 and has witnessed over 30,000 installations of the malware so far.
The security experts highlighted Anatsa’s advanced capabilities, particularly its Device-Takeover Fraud (DTO) feature, which allows it to bypass various fraud control mechanisms employed by financial institutions.
At a more basic level, the Trojan’s primary objective is to steal credentials used in mobile banking applications and initiate fraudulent transactions.
The distribution of Anatsa occurs through dropper applications hosted on the Google Play Store. These droppers masquerade as legitimate applications, such as PDF readers, to deceive users. ThreatFabric’s analysts have observed a rapid release of droppers, with new ones appearing shortly after the previous ones are removed from the store.
Once infected, Anatsa collects sensitive information through overlay attacks and keylogging, compromising credentials, credit card details and other payment-related data.
While Anatsa has previously targeted different regions, this campaign demonstrates a specific focus on the DACH region, particularly Germany.
Additionally, ThreatFabric said the threat actors behind Anatsa had updated their target list to include nearly 600 financial applications worldwide.
The security firm added that the latest Anatsa campaign is a stark reminder of the evolving threat landscape faced by banks and financial institutions in the digital era.
“The recent Google Play Store distribution campaigns targeting US, DACH, and UK regions demonstrate the immense potential for mobile fraud and the need for proactive measures to counter such threats,” reads the blog post.
Its publication comes months after Cleafy security researchers discovered a new Android banking Trojan in several malicious campaigns worldwide.