216.73.217.22

Android Banking Malware Distributed via Google Play Store

· Published 28/05/2024 11:07 · Modified 28/05/2024 11:28

Export JSON

Essential information

Published
28/05/2024 11:07
Modified
28/05/2024 11:28
Tags
2024-05-28 anatsa android banking trojan teabot
Related entities
4 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware, 7 others

Description

Threat actors are distributing the banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, downloads its payload and steals sensitive banking credentials through the use of overlays. has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (4)

  • 91.215.85.55
  • 185.215.113.31
  • menusand.com
  • becorist.com

Intrusion sets (APT) (1)

  • Anatsa
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:02 · Modified 21/12/2025 05:02

Techniques (MITRE) (10)

Malware (1)

  • Anatsa
    Family
    Published 22/08/2025 23:28 · Modified 22/08/2025 23:28

Others (7)

  • Finland
  • Singapore
  • Spain
  • Germany
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America
  • Banking

External references