Anatsa Banking Trojan Targets Banks in US, UK and DACH Region

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Threat actors using the notorious banking Trojan Anatsa have launched a new campaign targeting banks in the US, UK and the DACH region (Germany, Austria and Switzerland).

According to a new blog post by ThreatFabric, this ongoing campaign started around March 2023 and has witnessed over 30,000 installations of the malware so far.

The security experts highlighted Anatsa’s advanced capabilities, particularly its Device-Takeover Fraud (DTO) feature, which allows it to bypass various fraud control mechanisms employed by financial institutions. 

At a more basic level, the Trojan’s primary objective is to steal credentials used in mobile banking applications and initiate fraudulent transactions.

The distribution of Anatsa occurs through dropper applications hosted on the Google Play Store. These droppers masquerade as legitimate applications, such as PDF readers, to deceive users. ThreatFabric’s analysts have observed a rapid release of droppers, with new ones appearing shortly after the previous ones are removed from the store.

Read more on droppers: Lancefly APT Custom Backdoor Targets Government and Aviation Sectors

Once infected, Anatsa collects sensitive information through overlay attacks and keylogging, compromising credentials, credit card details and other payment-related data.

While Anatsa has previously targeted different regions, this campaign demonstrates a specific focus on the DACH region, particularly Germany. 

Additionally, ThreatFabric said the threat actors behind Anatsa had updated their target list to include nearly 600 financial applications worldwide.

The security firm added that the latest Anatsa campaign is a stark reminder of the evolving threat landscape faced by banks and financial institutions in the digital era.

“The recent Google Play Store distribution campaigns targeting US, DACH, and UK regions demonstrate the immense potential for mobile fraud and the need for proactive measures to counter such threats,” reads the blog post.

Its publication comes months after Cleafy security researchers discovered a new Android banking Trojan in several malicious campaigns worldwide.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet
Bitcoin scams, hacks and heists – and how to avoid them
How technology drives progress – A Q&A with Nobel laureate Michel Mayor
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

Leave a Reply

Your email address will not be published. Required fields are marked *