Five malicious apps that have racked up tens of thousands of downloads have been removed by Google Play after a research firm published a report on them.
The apps contained the Anatsa banking trojan and tracked users in the UK, the Czech Republic, Germany, Slovakia, Slovenia and Spain. Initially, the applications were specifically aimed at Samsung users, but later became independent of the manufacturer.
- Phone Cleaner – File Explorer
- PDF viewer – File Explorer
- PDF reader – viewer and editor
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
The fake apps were disguised as PDFs and cleaner apps and were designed to make it to the top new freebies, increasing their chances of being downloaded by unsuspecting users.
The Anatsa Trojan has device takeover capabilities (DTO), which means it can take over an infected device and perform actions on your behalf. It can steal sensitive data from your phone and initiate transactions on its own.
As mentioned above, malicious apps are no longer available on Google Play, but if you already have them on your phone, you will need to delete them yourself.
To avoid becoming a victim of such apps in the future, before downloading any app, thoroughly check that it comes from a developer you trust. Another thing to pay attention to is the permissions requested, especially those related to the accessibility service.