Five malicious apps that racked up tens of thousands of downloads were removed by Google Play after a research firm published a report about them.
The apps contained the banking trojan Anatsa and targeted users in the UK, the Czech Republic, Germany, Slovakia, Slovenia, and Spain. Initially, the apps specifically targeted Samsung users, but they later became manufacturer-agnostic.
The five apps were:
- Phone Cleaner – File Explorer
- PDF Viewer – File Explorer
- PDF Reader – Viewer & Editor
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
The fake apps were disguised as PDF and cleaner apps and were designed to reach the Top New Free charts, increasing their chances of being downloaded by unsuspecting users.
The Anatsa trojan has Device Takeover (DTO) capabilities, meaning it can take over an infected device and perform actions on your behalf. It can steal sensitive information from your phone and initiate transactions on its own.
As mentioned before, the malicious apps are no longer available on Google Play, but if you already have them on your phone, you’ll have to delete them yourself.
To avoid falling prey to such apps in the future, do a thorough check before downloading any app by making sure it comes from a trusted developer. Another thing to look for is requested permissions, especially those related to the Accessibility Service.
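For readers comfortable with adb, the check on Accessibility Service access can be scripted. The following is an added example, not part of the original report: it parses the Android `enabled_accessibility_services` secure setting and lists every enabled service whose package is not on a trusted list. The sample value, the `com.example.pdfreader` package and the trusted list are constructed for illustration.

```python
import subprocess

# Constructed sample of what `settings get secure enabled_accessibility_services`
# returns: colon-separated "package/class" component names.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.pdfreader/.CleanerService"
)

# Assumption: packages the device owner knowingly granted accessibility to.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_services(setting_value):
    """Split the setting into (package, full class name) tuples."""
    value = (setting_value or "").strip()
    if value in ("", "null"):          # an unset setting prints "null"
        return []
    services = []
    for component in value.split(":"):
        package, sep, cls = component.strip().partition("/")
        if not sep or not package:
            continue                   # malformed entry, skip it
        if cls.startswith("."):        # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def untrusted_services(setting_value, trusted=TRUSTED_PACKAGES):
    """Return enabled accessibility services whose package is not trusted."""
    return [s for s in parse_services(setting_value) if s[0] not in trusted]


def read_from_device():
    """Read the live value over adb (requires USB debugging on the phone)."""
    result = subprocess.run(
        ["adb", "shell", "settings", "get", "secure",
         "enabled_accessibility_services"],
        capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for package, cls in untrusted_services(read_from_device()):
        print(f"review: {package} has accessibility service {cls} enabled")
```

Any package this prints that you do not recognise as an assistive tool you installed deliberately is worth reviewing and, if unwanted, uninstalling.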