Anatsa Android Malware Uses Fake Delivery Notifications to Infect Victims
The Anatsa Malware is a banking Trojan targeting Android devices. It is believed to be linked to the criminals behind the Cabassous Malware, also called FluBot, but it is the more dangerous out of the two families. According to researchers, the list of features that the Anatsa Malware has is far more extensive compared to Cabassous, and this makes it much more threatening.
The Anatsa Malware is being delivered to targets in Europe, the majority of its victims seem to be located in Belgium and Netherlands. Victims are typically approached through fake text messages claiming to come from renowned logistics companies like DHL and UPS. The messages say that the victim has a new package that must be retrieved and then urges them to download the DHL or UPS app for further information. However, the app link is not legitimate – it delivers a malicious APK file, which deploys the Anatsa Malware.
Once running, the Anatsa Malware can be interacted with in real-time by the criminals. They have the ability to observe the victim's screen and activity, perform clicks/actions remotely, open apps, and manipulate text input. This is common for high-profile Android banking Trojans, which enable their operators with the ability to orchestrate every stage of the attack.
Other commands that Anatsa Malware can execute on the infected device include:
- Enabling/disabling the screen.
- Self-removal.
- Ask the user to enter their password, pin, or gesture for unlocking.
- Temporarily disable the malware's persistence.
- Steal device accounts.
- Perform various gestures.
- Hijack Google Authenticator codes.
Needless to say, a high-profile malware family like Anatsa is not easy to get rid of. Spotting its activity on a compromised device is next to impossible because of the implant's ability to hide its icons, files, and activities. The recommended course of action for Android users is to protect their device by using a regularly updated anti-malware application. An extra cybersecurity tip that they can make use of is to never install software delivered via emails or text messages – always download official apps from the Google Play Store.