216.73.217.176

Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

· Published 28/05/2024 11:07 · Modified 29/05/2024 13:29

Export JSON

Essential information

Published
28/05/2024 11:07
Modified
29/05/2024 13:29
Tags
2024-05-28 anatsa android banking trojan teabot
Related entities
1 intrusion sets (apt), 10 techniques (mitre), 1 malware, 7 others

Description

Threat actors are distributing the banking malware through the Google Play store by disguising it as legitimate applications like PDF readers and QR code scanners. Once installed, downloads its payload and steals sensitive banking credentials through the use of overlays. has targeted banking apps in Europe and expanded to the US, South Korea, and Singapore.

External references