HQ/EMEAFind out how we can help your business
A newly discovered malicious QR code reader app on Google Play could allegedly deliver the Anatsa banking malware once installed on a device. This discovery shows that the threat actors continue developing apps offered on legitimate app stores to infect users.
The malicious app, posing as a legitimate QR code reader, was found to be distributing the Anatsa banking malware, a sophisticated malware designed to steal sensitive banking information.
A recent tally shows that the app has already been downloaded thousands of times, potentially compromising a significant number of users, which could also imply that the malware operators have already harvested financial data from numerous users.
Researchers are warning users who have already installed a QR reader app from the Play Store as it could contain the Anatsa malware. This malicious payload is notorious for its advanced capabilities, such as keylogging, overlay attacks, and remote access, making it a dangerous threat to users’ banking security.
The Anatsa banking malware can execute its abilities once it acquires a set of privileges on the infected device.
According to investigations, the malicious app that carries the Anatsa banking malware asks for a series of permissions for the compromised device of the infected user. Once granted, the permissions could enable the malware to execute its malicious capabilities.
Some of Anatsa’s confirmed abilities include monitoring the user’s activities, capturing keystrokes, and overlaying fake login screens to steal credentials. Additionally, the malware can also remotely control infected devices, enabling attackers to perform unauthorised transactions.
This level of sophistication makes Anatsa a severe threat since it can bypass various traditional security measures and remain undetected for extended periods.
On the other hand, Google has removed the malicious QR reader app from the Play Store and is working to enhance its app inspection processes to prevent similar issues from reoccurring in the future. However, this incident shows that malware developers and operators are developing new strategies and using various methods to infect users.
Users should refrain from downloading unnecessary applications, especially if the app requests permissions unsuitable for their purposes. Lastly, users should check app reviews, be strict in granting permissions, and use reputable security software to detect and block malicious activities.
