The Nigerian Computer Emergency Response Team (ngCERT) has raised an alarm over a significant rise in malware infections caused by the Anatsa banking trojan, targeting Android devices and stealing financial information from users.
This was disclosed in a recently released advisory by the organization.
According to ngCERT, the trojan masquerades as a PDF and QR code reader and employs advanced techniques to bypass security measures and display fake login screens.
It added that the trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices.
NgCERT, therefore, urged Android users to exercise caution when downloading apps.
What is the Anatsa Banking Trojan?
The Anatsa banking trojan is a sophisticated malware that exploits Android’s accessibility services, granting attackers full control over infected devices.
It disguises itself as legitimate apps, such as PDF and QR code readers, and initially performs normally before secretly downloading, decrypting, and executing its payload.
The trojan connects to its command and control (C2) server, waiting for instructions from the attacker. It can steal banking credentials, credit card details, and payment information by overlaying fake login screens on legitimate banking apps and recording keystrokes. Additionally, the trojan can prevent user interaction with certain apps and manipulate device files.
Ways Anatsa Trojan puts your financial data at risk
According to ngCERT, if installed, the Anatsa banking trojan allows attackers to:
- Remotely interact with the device, performing actions like clicks, scrolls, and swipes.
- Launch phishing attacks to steal sensitive financial information and execute unauthorized transactions.
- Block access to legitimate applications, such as security apps or system settings.
Recommendations from ngCERT
To prevent or mitigate infection by the Anatsa banking trojan, ngCERT advises the following actions:
Avoid installing apps from unknown or untrusted sources. Check reviews and ratings of apps before downloading them from the Google Play Store.
Do not call numbers provided in unsolicited messages or emails. Be cautious of apps requesting unnecessary or excessive permissions, especially accessibility services or the installation of unknown apps.
Remove any app suspected of containing the Anatsa trojan and scan the device with a reputable antivirus app.
Update banking passwords and monitor account activity for any suspicious transactions, reporting them to the respective banks.
Keep antivirus software updated to detect and remove malware. Ensure the Android device and apps are updated to the latest versions.
What you should know
Naiametrics earlier reported that Nigeria experienced a troubling 8% increase in banking malware attacks in 2023.
Despite a 10% decrease in overall cyber threats nationwide, the rise in attacks targeting online banking credentials and sensitive information is significant
Leave a Comment