Anatsa malware targeting European Android users via apps on Google Play app store

An Android trojan resurface by piggybacking on apps available on Google Play. (Image via Android w/ edits)

Anatsa is a trojan that specifically targets banking use on Android smartphones. Deployed by seemingly innocuous apps on Google Play, the malware has infected more than 100,000 European users.

Sam Medley, Published 02/19/2024 🇨🇳 🇪🇸 ...

There's a banking trojan targetting European Android users, and it uses a secure vector for deployment.

Anatsa is a piece of malicious code that infects Android smartphones and targets banking applications to steal a user's banking info. It was first noticed in early 2023 but seemed to fall by the wayside. Now, a new report claims that the malware resurfaced in November 2023 via otherwise normal Android apps.

The latest deployment campaign targeted European users in Slovakia, the Czech Republic, and the surrounding region, according to Threat Fabric. This is in addition to last year's wave of infections that targeted the United Kingdom, Spain, and Germany.

In this latest spread, the virus is deployed via seemingly innocuous apps available on the Google Play app store. Specifically, the trojan was found in the following apps (list via Bleeping Comptuer):

Phone Cleaner - File Explorer (com.volabs.androidcleaner)
PDF Viewer - File Explorer (com.xolab.fileexplorer)
PDF Reader - Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)
PDF Reader: File Manager (com.tragisoap.fileandpdfmanager)

As of press time, these apps are no longer present on Google Play.

As of today, Threat Fabric states the malware has infected over 100,000 devices. However, that number is expected to grow as new apps are deployed to carry the virus.

Per Threat Fabric, Anatsa has the capability to fully control an infected device and "execute actions on a victim's behalf." In other words, the malware can take control of an installed banking app and execute transfers, withdrawals, and wires, all in the background and without the user's knowledge.

Android users, especially those in Europe, are urged to check their bank transaction records for any potentially fraudulent activity and report it to their financial institution immediately. They are also advised to review app permissions (specifically accessibility services) and to never download or install unknown or suspicious applications.

Buy a Google Pixel 8 on Amazon.

Source(s)

Threat Fabric

Bleeping Computer

Game demo linked from Steam page contained malware, raising more security concerns for Valve 03/17/2025

European Commission censorship as imagined by AI (Image source: Generated using DALL·E 3)

The European Commission fires back at Meta and refutes any claims of censorship 01/09/2025

Cthulhu stealer is basically a disguised Apple disk image (DMG) file that is written in Golang open-source programming language. (Image source: Notebookcheck)

A $500-a-month malware dubbed "Cthulhu Stealer" targets macOS users and steals sensitive data 08/26/2024

The Kids section in Google Play (Image source: Own)

Google pulls the plug on the Play Security Reward Program 08/20/2024

A screenshot from a dark web site taken by ThreatMon claims that ransomware group Mogilevich has stolen nearly 200 GB of data from Epic Games. (Image source: ThreatMon on X)

Epic Games data breach allegedly exposes 189 GB of customer data, source code — company denies claims 02/28/2024

The Zenfone 11 Ultra appears to be a continuation of the ROG Phone 8 series. (Image source: ASUS)

ASUS Zenfone 11 Ultra revealed with hints of ROG Phone 8 re-brand before March 'expand your vision' global release 02/20/2024

The Phone (2a) is slated to arrive for €100 less than the Redmi Note 13 Pro Plus 5G. (Image source: @OnLeaks & SmartPrix)

Nothing Phone (2a) confirmed to launch with Xiaomi Redmi Note 13 Pro Plus 5G rivalling chipset for rumoured €349 as fresh design shown in new leaked renders 02/20/2024

Reviewer catches factory-shipped spyware in a mini PC (Image source: The Net Guy Reviews)

Chinese mini PC gets caught for shipping with factory-installed spyware 02/10/2024

HP's Dynamic Security ensures the use of only HP ink cartridges in its printers (Image Source: HP)

HP cites threat of viruses from non-HP printer cartridges to justify blocking their use, experts sceptical 01/23/2024

Operation Triangulation is Kaspersky's ongoing investigation of the iOS attack (Image Source: Bing AI)

Most sophisticated iPhone malware attack ever seen detailed in Kaspersky's 'Operation Triangulation' report 12/31/2023

A new malware has been discovered by cybersecurity firm ThreayFabric on the Play Store. (Image: RoonZ.nl via Unsplash)

A new money-stealing malware makes rounds on Google Play Store posing as an innocent app with over 50,000 downloads 02/24/2022

Cryptominers may soon be able to comfortably unlock the full hashrate performance of most Nvidia RTX LHR GPUs (Image: Christian Wiediger)

Nvidia RTX LHR v2 Unlocker claims to restore the full cryptomining performance of hamstrung GeForce GPUs 02/22/2022

Scams and crypto-malware are more rampant than ever. (Image Source: Comodo cWatch)

New Mars Stealer malware targets Chrome-based browser crypto wallets 02/04/2022

Joker malware discovered in multiple apps with thousands of installs on the Google Play Store 11/23/2021

The criminal developer of the GriftHorse trojan targets unsuspecting Android users with expensive subscriptions (Image: Gerd Altmann)

The GriftHorse trojan has infected over 10 million Android smartphones and silently activates expensive subscriptions 10/01/2021

Read all 5 comments / answer

Loading Comments

Comment on this article

Honor MagicBook Pro 16 teased as be...

AOHi The Starship 140W 40,000mAh po...

Sam Medley - Senior Tech Writer - 1446 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

contact me via: Bluesky, LinkedIn

Please share our article, every link counts!