Anatsa Android Malware: Uninstall these apps now!
Date: 2021-11-30
Although the controls on the Google Play Store have become more reliable at detecting malware in apps, attackers keep finding new ways to get malicious content onto the smartphones of unsuspecting users, who can find themselves robbed of banking information and personal data at any moment.
This time the alarm was raised by researchers from ThreatFabric, a company that deals mainly with security for mobile systems: some apparently harmless applications, downloaded more than 300,000 times overall, reportedly concealed a trojan called Anatsa, capable of stealing personal and banking information, including keys for two-factor authentication.
The offending applications use a particularly ingenious method to avoid being flagged as malicious by Google's scans, which are now almost completely automated and rely on machine learning algorithms that analyze the number and type of permissions an application requires in order to function.
To circumvent these controls, the applications present themselves as QR code or PDF document scanners, fitness assistants or even “wallets” for cryptocurrencies: all services that require access only to storage or the camera and are therefore harmless in the eyes of Google.
The version of these applications available on the Play Store does not, in fact, contain the Anatsa trojan: the user downloads the malicious content only later, when the freshly installed app asks for an update from a third-party service in order to continue to function properly. The ThreatFabric team found the difference between before and after the update in the permissions granted and in the app code itself.
The trap is made even more cunning by the fact that, even after installing the update containing the trojan, these applications work perfectly for the purpose for which they were downloaded, making the user even less suspicious of their nature.
In addition to Anatsa, the ThreatFabric team has detected three other Android Trojans that work in a similar way: Alien, Hydra and Ermac. In all these cases, once the accessibility-service permissions are unlocked, the Trojan has full access to every software component of the phone, putting the security of the user’s banking and personal information at risk.
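The before-and-after difference in permissions described above can be checked by diffing the decoded manifest of the store version against that of the later update. The following Python code is an added example, not ThreatFabric's tooling or code from the original article; both manifests, the package name com.example.qrscanner and the specific permissions shown are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifests (decoded to text XML); not taken from any real sample.
STORE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".ScanActivity"/>
  </application>
</manifest>"""

UPDATED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <activity android:name=".ScanActivity"/>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def surface(manifest_xml):
    """Return (requested permissions, accessibility service names) for one manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    a11y = {s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == ACCESSIBILITY}
    return perms, a11y


def diff_update(before_xml, after_xml):
    """Report what an update adds compared with the reviewed store version."""
    perms_before, a11y_before = surface(before_xml)
    perms_after, a11y_after = surface(after_xml)
    return {
        "added_permissions": sorted(perms_after - perms_before),
        "added_accessibility_services": sorted(a11y_after - a11y_before),
    }

if __name__ == "__main__":
    print(diff_update(STORE_MANIFEST, UPDATED_MANIFEST))
```

A utility app whose update adds an accessibility service it did not declare in the store version deserves review before the update is allowed on managed devices.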
These are the twelve applications reported by ThreatFabric as possible vehicles for Android Trojans, complete with their package identifier and unique SHA-256 hash. If you already have them installed, delete them from your smartphone immediately and check the status of your home banking accounts and services.
- Two Factor Authenticator – com.flowdivison – a3bd136f14cc38d6647020b2632bc35f21fc643c0d3741caaf92f48df0fc6997
- Protection Guard – com.protectionguard.app – d3dc4e22611ed20d700b6dd292ffddbc595c42453f18879f2ae4693a4d4d925a
- QR CreatorScanner – com.ready.qrscanner.mix – ed537f8686824595cb3ae45f0e659437b3ae96c0a04203482d80a3e51dd915ab
- Live Master Scanner – com.multifuction.combine.qr – 7aa60296b771bdf6f2b52ad62ffd2176dc66cb38b4e6d2b658496a6754650ad4
- QR Scanner 2021 – com.qr.code.generate – 2db34aa26b1ca5b3619a0cf26d166ae9e85a98babf1bc41f784389ccc6f54afb
- QR Scanner – com.qr.barqr.scangen – d4e9a95719e4b4748dba1338fdc5e4c7622b029bbcd9aac8a1caec30b5508db4
- PDF Document Scanner – Scan to PDF – com.xaviermuches.docscannerpro2 – 2080061fe7f219fa0ed6e4c765a12a5bc2075d18482fa8cf27f7a090deca54c5
- PDF Document Scanner – com.docscanverifier.mobile – 974eb933d687a9dd3539b97821a6a777a8e5b4d65e1f32092d5ae30991d4b544
- PDF Document Scanner Free – com.doscanner.mobile – 16c3123574523a3f1fb24bbe6748e957afff21bef0e05cdb3b3e601a753b8f9d
- CryptoTracker – cryptolistapp.app.com.cryptotracker – 1aafe8407e52dc4a27ea800577d0eae3d389cb61af54e0d69b89639115d5273c
- Gym and Fitness Trainer – com.gym.trainer.jeux – 30ee6f4ea71958c2b8d3c98a73408979f8179159acccc01b6fd53ccb20579b6b
- Gym and Fitness Trainer – com.gym.trainer.jeux – b3c408eafe73cad0bb989135169a8314aae656357501683678eff9be9bcc618f
There is also a more general warning: when it comes to scanning documents and QR codes, the most advanced versions of Android already include both of these features as part of the camera modes. Rely on these existing features, or on other reliable services like Adobe Scan or Google Lens, rather than putting your security at risk.
