The Nigerian Computer Emergency Response Team (ngCERT) has alerted that over 70,000 Android devices have been infected by a new variant of the Anatsa banking trojan, which is designed to steal financial data.
This sophisticated malware targets users by disguising itself as a legitimate PDF and QR code reader application, leveraging advanced techniques to evade security measures and access sensitive information, ngCERT, the Nigerian internet police unit, says in its latest cybersecurity alert.
The Anatsa trojan exploits Android’s accessibility services to gain complete control over the infected devices. Once installed, ngCERT warns, the trojan can perform actions such as launching phishing attacks with fake login screens to capture banking credentials, recording keystrokes, and intercepting payment information. The malware can also remotely interact with the device, performing clicks, scrolls, and swipes, and can prevent users from accessing certain apps, including security applications.
“The trojan is delivered through malicious apps that appear to be legitimate PDF and QR code readers or cleaner apps. These apps initially behave normally until they secretly download, decrypt, and execute the trojan’s payload, which bypasses the restricted settings for accessibility services, mostly in Android 13,” according to ngCERT.
This payload then establishes a connection with a command and control (C2) server, awaiting instructions from the attacker.
ngCERT on how to protect Android devices against Anatsa
ngCERT has issued a series of recommendations to help Android users protect their devices from this threat:
Avoid Installing Untrusted Apps: Only download apps from trusted sources and carefully review the app ratings and user feedback on the Google Play Store.
Be Wary of Unnecessary Permissions: Be cautious of apps requesting excessive permissions, especially those related to accessibility services or the installation of unknown apps.
Uninstall Suspicious Apps: If an app is suspected of containing the Anatsa trojan, uninstall it immediately and perform a thorough scan of the device with a reputable antivirus application.
Monitor Banking Activity: Change banking passwords regularly and keep a close eye on account activity. Report any suspicious transactions to the respective financial institutions promptly.
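One device-side triage check that follows from the accessibility-permission warning above, written here as an added example and not part of ngCERT's alert: it cross-references the output of `adb shell settings get secure enabled_accessibility_services` with `adb shell pm list packages -3` and flags user-installed apps that hold an enabled accessibility service and are not on an owner-maintained allow-list. Both adb outputs are constructed samples embedded inline, and the package names and allow-list are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
# The value is a colon-separated list of ComponentName strings (package/class);
# the class part may use shorthand with a leading dot.
SAMPLE_ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.pdfreader/.AccessService"
)

# Constructed sample of `adb shell pm list packages -3` (user-installed packages,
# whether sideloaded or installed from the Play Store).
SAMPLE_THIRD_PARTY = """package:com.example.pdfreader
package:com.example.qrscanner
package:org.mozilla.firefox
"""

# Hypothetical allow-list: accessibility apps the device owner knows and expects.
KNOWN_GOOD = {"com.google.android.marvin.talkback"}


def parse_enabled_services(value: str) -> Dict[str, str]:
    """Map package name -> fully qualified accessibility service class."""
    services: Dict[str, str] = {}
    for component in filter(None, value.strip().split(":")):
        pkg, _, cls = component.partition("/")
        if cls.startswith("."):  # expand shorthand class name
            cls = pkg + cls
        services[pkg] = cls
    return services


def parse_third_party_packages(listing: str) -> set:
    """Extract package names from `pm list packages -3` output."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)$", listing, re.M)}


def suspicious_accessibility_apps(enabled: str, third_party: str, known_good=KNOWN_GOOD) -> List[str]:
    """Return user-installed packages with an enabled accessibility service that are
    not on the allow-list. Anatsa-style droppers need exactly this grant to drive
    the UI and overlay fake login screens, so such packages deserve a closer look."""
    services = parse_enabled_services(enabled)
    user_installed = parse_third_party_packages(third_party)
    return sorted(pkg for pkg in services if pkg in user_installed and pkg not in known_good)


if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(SAMPLE_ENABLED_SERVICES, SAMPLE_THIRD_PARTY):
        print(f"review: {pkg} has an enabled accessibility service")
```

On a real device, feed the two adb command outputs into `suspicious_accessibility_apps` in place of the constructed samples; a hit is a prompt to inspect or uninstall the app, as the recommendations above advise.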
“The Anatsa banking trojan represents a significant threat to the financial security of Android users,” ngCERT says. “We urge everyone to exercise caution and follow the recommended guidelines to safeguard their personal and financial information.”