Google has a problem—a serious Play Store problem. A dangerous threat we were told had been banished from the store has seemingly just been found there again, and that will rightly alarm millions of users.
Just a few weeks ago, Android users were warned that 90 dangerous apps with 5.5 million installs had been found on the Play Store. At the time, Google assured users that “all of the identified malicious apps have been removed from Google Play, [and] Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”
And yet, here we are again—those defenses seem to have failed.
The malware in question is Anatsa, which Zscaler warns “exfiltrates sensitive banking credentials and financial information from global financial applications.” Once installed by means of a separate dropper app, Anatsa scans the infected device for banking apps it is coded to attack. It then captures login details via a fake login page overlaid on the real app and intercepts SMS passcodes. Then it drains your account.
In May, Zscaler suggested that “the recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users,” users who were trusting the security of Google’s Play Store, it added.
And now Zscaler has just issued a fresh warning: its ThreatLabz “has detected another malicious Android app that is currently live in the Google Play store… The app is disguised as a QR reader and file manager, but is actually a malware loader for the Anatsa banking trojan.” It’s a nasty case of déjà vu.
I have approached Google for any comments on this latest warning.
Anatsa’s use of an apparently clean app as a dropper has been key to its success. “This strategic approach,” Zscaler says, “enables the malware to be uploaded to the official Google Play Store and evade detection.” Past droppers have been trivial PDF and QR code readers and similar. And this latest warning concerns yet another of those QR readers.
As such, the golden rules for staying safer on Android remain as critical as ever: