Anatsa Trojan Returns Targeting Europe and Expanding Its Reach

19-Feb-24

Financial organisations are advised to alert and educate their customers about the risks of installing applications from official stores and enabling AccessibilityService for applications that do not require them.


Implementing effective detection and monitoring for malicious applications and unusual customer account activity is crucial in identifying fraud cases linked to device-takeover mobile malware such as Anatsa.


As of this report, the current campaign involves five droppers with over 100,000 total installations. Each installation poses a potential risk for Anatsa installation and subsequent fraud. In comparison, the previous campaign in the first half of 2023 featured six different droppers, accumulating over 130,000 total installations. Based on this pattern, we anticipate the continuation of this campaign, with new droppers appearing in the official store and an expansion into additional targeted regions. The threat actors have a history of shifting focus between regions within a single campaign.

Read More…