Android phone owners have been urged to delete five dodgy apps that can steal your data, raid your bank account, and take control of everything on your phone behind your back.
Google has booted the dangerous apps from the Play Store, but that only prevents people who haven’t installed the software before from downloading it to their phone – it doesn’t help if these troublesome apps are already on your handset.
Security researchers warned that many of the apps laced with malware reached the top three in the Top New Free charts on the Google Play Store, making them all seem credible and triggering hundreds of thousands of downloads in the UK and mainland Europe.
Hidden in these dangerous Android apps – disguised with innocent names like Phone Cleaner and PDF Viewer – is a banking trojan called “Anatsa”. It has been built to target users in the UK, Germany, Spain, Slovakia, Slovenia, and the Czech Republic.
Phone Cleaner - File Explorer is one of the Android apps that security researchers found sneaking the banking trojan into the Play Store. It ranked in third position in the Top New Free charts
THREAT FABRIC | GOOGLE PLAY STORE
Security researchers from Threat Fabric have been tracking this strain of banking malware since June 2023. Unsuspecting Android users downloaded the thieving malware between 150,000 and 200,000 times before Google removed the problematic apps from its digital storefront.
If you’ve downloaded any of these apps, hackers can remotely take control of your phone and perform tasks behind your back. Anatsa lets them siphon personal information from your device and make payments from popular banking apps.
Threat Fabric researchers warned Samsung smartphone owners to be particularly alert to the threat. That’s because the malicious code discovered in these Android apps seemed to suggestscammerstailored them to fit with user interface elements specific to Samsung hardware.
“This suggests that the threat actors initially developed and tested their code exclusively for Samsung devices,” the experts noted in a detailed report about the resurgence of Anatsa.
The apps you’ll need to manually remove from your phone are as follows...
A spokesperson for Google said: “All of the apps identified in the report have been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.”
LATEST DEVELOPMENTS
Deleting the apps should remove the threat from your phone. If you receive a warning from Google’s Play Protect service, always check what has triggered the alert and take action.
Worryingly, the team at Threat Fabric don’t anticipate an end to malicious apps trying to sneak Anatsa onto your Android phone. In a blog post, the researchers cautioned: “Based on this pattern, we anticipate the continuation of this campaign, with new droppers appearing in the official store and an expansion into additional targeted regions.”
The experts believe banks should do more to warn customers about the dangers of downloading untrustworthy apps. They posted: “Financial organisations should urgently educate their customers about the risks of installing applications, even from official stores, and caution against enabling AccessibilityService for apps that don't require it for their supposed operations.
“In cases where customers report unusual device behaviour or unrecognised transactions, we advise institutions to inquire about recent activities such as newly installed applications and any permissions granted, particularly regarding AccessibilityService.”
Last year, Google removed 17 Android apps from the digital shelves of its Play Store after researchers flagged security concerns.
The apps, which had been downloaded over 12 million times, claimed to offer access to short-term loans ...but were designed from the ground up to steal buckets of sensitive data from your device.
