Users and security experts were shocked recently by a dangerous app on the Google Play Store. The app, which bore the name “Document Reader – File Manager,” appeared to be a straightforward instrument for document management and file opening.
However, security researchers later discovered that the malicious document reader app was secretly installing Anatsa malware, also known as the TeaBot banking trojan. Since the app had more than 50,000 downloads, thousands of users were exposed to the threat before it was discovered.
Zscaler ThreatLabz researchers discovered this malicious app. They found that the application requested permissions that were not required for normal document reading. The app connected to a remote server after installation and downloaded potentially harmful files in the background.
The malware then attempted to obtain special permissions that would have allowed it to read sensitive phone data.

Anatsa is not a brand-new danger. It first appeared in 2020 and has since reached numerous regions. Its primary objective is to steal users’ banking information.
It does this by recording login information, watching how users type, and displaying fake screens that resemble banking apps. Once users enter their details, the attackers can access accounts and even perform fraudulent transfers.
Newer Anatsa versions, according to the researchers, target more than 800 global financial institutions. Victims have been reported in Germany, South Korea, and other regions. The threat has grown even wider as the malware now targets cryptocurrency apps.
The fake app’s appearance may have contributed to the malware’s ease of dissemination. It had basic features like opening PDFs and browsing files, as well as a straightforward design.
However, the app downloaded a secret payload behind the interface. If everything worked correctly, it turned into a fully active malware tool. If something failed, it showed a working file manager to avoid suspicion.
Once active, Anatsa requested special permissions using accessibility services. Apps can read text on the screen and even control parts of the phone with these permissions. With these permissions, attackers could insert fake screens on top of real banking apps, tricking users into entering passwords and other financial details.

This incident demonstrates that harmful apps can be hosted by official app stores as well. In the past, Google has taken action to remove numerous harmful applications.
More than 70 malicious apps with millions of downloads have been removed, according to reports. However, attackers are still able to get through by hiding dangerous code inside tools that look legitimate.
Android users should remain alert. It is important to review app permissions, avoid apps with limited information, and check developer profiles. Risks can also be reduced by regularly updating phones and utilizing security apps.
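One way to automate the permission review described above is to check a decoded `AndroidManifest.xml` for capabilities a document reader does not need. This is an added example, not code from the researchers' report: the policy list, the package and service names, and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumed policy: permissions a plain document viewer has little reason to hold.
RISKY_FOR_READER = {
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt to install more APKs",
}

def audit_manifest(manifest_xml: str) -> list[str]:
    """Return findings for a decoded (plain-text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    findings = [f"{p}: {why}" for p, why in sorted(RISKY_FOR_READER.items())
                if p in requested]
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    has_a11y = False
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == ACCESSIBILITY_BIND:
            has_a11y = True
            name = svc.get(ANDROID + "name", "<unnamed>")
            findings.append(f"accessibility service {name}: can read screen text "
                            "and perform actions in other apps")
    if has_a11y and "android.permission.INTERNET" in requested:
        findings.append("INTERNET + accessibility service: screen content can "
                        "leave the device")
    return findings

# Constructed sample: a "reader" that declares far more than it needs.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: a reader that only asks for storage access.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainreader">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_SUSPICIOUS):
        print("FLAG:", finding)
```

A clean manifest does not prove an app is safe, because, as described above, this app downloaded its payload only after installation; the check is a first filter, not a verdict.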
Banking alerts, unknown logins, and sudden screen overlays are all examples of suspicious activity that users and organizations should be on the lookout for, according to security experts. One of the best ways to protect yourself is to stay aware.
This case demonstrates that simple apps are frequently used as a trap by cybercriminals, who continue to target mobile devices. Users can stay safe from threats like Anatsa by being aware of them and choosing apps with care.
