New Banking Malware Hammers US and Canada, Reaches Over 50,000 Android Users in Just Six Days

A dangerous Android-based banking malware is rapidly spreading across the United States and Canada.

Anatsa is capable of stealing banking credentials using various methods including overlay attacks and keystroke logging attacks, reports Threat Fabric.

The banking malware can also conduct fraudulent transactions remotely from the infected Android devices.

Threat Fabric says Anatsa is being distributed on the US Google Play app marketplace under various guises such as a PDF update, a file manager, a document viewer, a phone cleaner and other legitimate-appearing apps. Once installed, an update transforms it into malicious software.

“Once the application gains a substantial user base – often in the thousands or tens of thousands of downloads – an update is deployed, embedding malicious code into the app.

This embedded code downloads and installs Anatsa on the device as a separate application.”

In the latest campaign, Threat Fabric says Anatsa was downloaded more than 50,000 times between June 24th and June 30th. Anatsa ranked third among the “Top Free Tools” category on the US Google Play app marketplace over that period.

While Anatsa has been active since at least 2020 and has enjoyed consistently high levels of success, the mobile cybersecurity firm says this is the third instance where the banking malware is focusing on mobile banking users in the US and Canada.

“The Anatsa malware campaigns continue to show a growing focus on North American targets, particularly mobile banking applications. The latest operation not only broadened its reach but also relied on well-established tactics aimed at financial institutions in the region.”

Generated Image: Midjourney