
"Zscaler's ThreatLabz spotted and reported 77 apps containing malware, many of them purporting to be utilities or personalization tools. Many contained an updated version of the Anatsa banking trojan, malware that first appeared in 2020. The latest build includes a keylogger for password collection, SMS interception capabilities, and anti-detection tools. Zscaler thinks it's being used to target 831 financial institutions globally, including both crypto exchanges and regular banks."
"The APK uses a corrupted archive to hide a file, which is deployed during runtime. This archive has invalid compression and encryption flags, making it hard for static analysis tools to detect. Since these tools depend on standard ZIP header checks in Java libraries, they fail to process the application. Despite this, the application will run on standard Android devices."
Zscaler found 77 malicious apps on Google Play that collectively recorded over 19 million downloads. Many apps posed as utilities or personalization tools while carrying an updated Anatsa banking trojan with a keylogger, SMS interception, and anti-detection features. The malware targets about 831 financial institutions, including crypto exchanges and traditional banks. The strain evades Google's scanners by downloading code in chunks with separate DES keys, altering names, hiding payloads within JSON files, and using corrupted archives that break static ZIP-based analysis. The apps request elevated permissions and rely on social engineering to get the user to activate them.
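One defender-side check for the header anomalies described above, added here as an example and not Zscaler's or Google's tooling: a hand-rolled walk of the ZIP central directory that reports entries whose compression method or encryption flag no valid APK carries, beside a check showing that Python's zipfile, a typical header-checking parser, gives up on the same archive. The two-entry archive, its entry names and the tampered field values are constructed for the example.

```python
import io
import struct
import zipfile
EOCD_SIG, CD_SIG = b"PK\x05\x06", b"PK\x01\x02"  # end-of-central-dir record, central-dir header
FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0; Android does not support encrypted APK entries

def cd_records(data: bytes):
    """Yield (offset, name, flags, method) per central-directory record, parsed by hand."""
    if (eocd := data.rfind(EOCD_SIG)) < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    pos, end = cd_offset, cd_offset + cd_size
    while pos < end and data[pos:pos + 4] == CD_SIG:  # a bad record stops the walk, not the scan
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        yield pos, data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"), flags, method
        pos += 46 + name_len + extra_len + comment_len

def scan_central_directory(data: bytes) -> list:
    """Return one finding per entry whose method or flag bits are abnormal for an APK."""
    findings = []
    for _, name, flags, method in cd_records(data):
        reasons = []
        if method not in (0, 8):  # APK entries are STORED (0) or DEFLATE (8)
            reasons.append(f"compression method {method:#06x} is not STORED/DEFLATE")
        if flags & FLAG_ENCRYPTED:
            reasons.append("encryption flag set")
        if reasons:
            findings.append({"name": name, "reasons": reasons})
    return findings

def stdlib_reads_all(data: bytes) -> bool:
    """True only if Python's zipfile, a typical header-checking parser, can read every entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return all(isinstance(zf.read(n), bytes) for n in zf.namelist())
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError, ValueError):
        return False

def build_sample(tamper: bool = True) -> bytes:
    """Constructed two-entry archive; tamper=True gives the first record a bogus method and flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"A" * 64)
        zf.writestr("assets/config.json", b'{"k": "v"}')
    data = bytearray(buf.getvalue())
    if tamper:
        first = next(cd_records(bytes(data)))[0]
        struct.pack_into("<HH", data, first + 8, FLAG_ENCRYPTED, 0x1234)  # flags, method
    return bytes(data)
```

On the tampered sample `stdlib_reads_all` returns False while `scan_central_directory` still names the offending entry and both bad fields; on the untampered sample the scan returns no findings.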
Read at Theregister