Malicious Document Reader App on Google Play Infects Users with Anatsa Trojan
Severity: High (Score: 64.5)
Sources: Gbhackers, Cybersecuritynews
Summary
A fake document reader app on the Google Play Store has been discovered to install the Anatsa banking trojan on Android devices. The app, which was downloaded over 10,000 times before its removal, poses a significant risk to users by enabling financial fraud and credential theft. Anatsa is known for its capability to siphon sensitive information from infected devices. The malicious app was available on the official marketplace, illustrating vulnerabilities in app vetting processes. Users who downloaded the app may have already been compromised, leading to potential financial losses. Google has since removed the app, but the impact on users remains a concern. Security experts advise users to be cautious of apps that request excessive permissions. The incident underscores the need for improved security measures in app marketplaces.
Key Points
- A fake document reader app on Google Play installed the Anatsa banking trojan.
- The app was downloaded over 10,000 times before being removed by Google.
- Users are at risk of financial fraud and credential theft due to the malware.
Key Entities
- Malware (attack_type)
- Trojan (attack_type)
- Anatsa (malware)
- T1036 - Masquerading (mitre_attack)
- Android (platform)