This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don't fall for this
As reported by BleepingComputer, the Anatsa banking trojan is back as part of a new campaign that uses a malicious app posing as a PDF viewer to infect unsuspecting users of the best Android phones.
The discovery was made by security researchers at Threat Fabric who have been tracking Anatsa for years. The banking trojan is often hidden in popular utilities, and to date, it has been downloaded almost a million times.
What makes malware like this particularly dangerous is that it's designed to target popular banking and finance apps. From JP Morgan to Capital One to TD Bank and others, Anatsa can impersonate them all and the banking trojan does this through overlay attacks. While you might think you're logging into your bank account, if your phone is infected, you're actually handing over your credentials to hackers who can then use them to drain your accounts and steal your hard-earned cash.
Here's everything you need to know about this latest Anasta campaign, including some tips and tricks to help keep you and your devices safe from Android malware.
Although it has since been removed, Threat Fabric's researchers recently found the Anatsa banking trojan hiding in a PDF viewer app on the Google Play Store called 'Document Viewer – File Reader' published by the developer 'Hybrid Cars Simulator, Drift & Racing,' according to a new report.
Based on a screenshot of the app's download page taken by the cybersecurity firm, more than 50,000 Android users downloaded this malicious app before it was taken down. If you did download this app, you should stop what you're doing and immediately manually remove it from your phone.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Just like with other malicious apps, Threat Fabric found that this one used a sneaky tactic where the app was 'clean' until it raked up enough users. Once it became popular, though, its creator or hackers who hijacked the app then added malicious code to it via an update.
As you might have guessed, this injected code contains the Anatsa banking trojan, which is installed on a vulnerable Android device as a separate app. By connecting to a hacker-controlled server, malware is able to get a list of targeted apps, then looks for them on the infected device. If any of them are found, then overlay attacks are used to steal user credentials from them.
This latest campaign adds a new trick, though, to prevent users from taking action until it's too late. You know those 'down for scheduled maintenance' error messages you often see when trying to check your account balance? Well, Anatsa now shows them too over your legitimate banking apps to hide its malicious activities in the background, and by the time the message is gone, so too are your banking credentials.
Google has since removed the latest malicious app spreading the Anatsa banking trojan from the Play Store. However, if you did download it, you need to remove it and then run a full system scan using Google Play Protect. Likewise, it's also recommended that you reset your bank credentials just in case they ended up in the wrong hands.
While I often recommend sticking to official app stores and not sideloading apps, this doesn't always work due to malicious apps. For this reason, even if you're extra careful when installing new apps, you could accidentally end up infecting your Android phone with malware.
This is why you want to carefully scrutinize any app you're thinking about installing. Check its rating and reviews on the Play Store, and since these can be faked, you also want to look for external reviews on other sites. Video reviews are even better if you can find them, since they give you a chance to see the app in question in action before you download it.
At the same time, you also want to limit the number of apps you have installed on your phone overall. The reason for this is that with fewer apps, you're less likely to have one of the apps you do have installed go bad after an update.
Likewise, it's always a good idea to stick to known, trusted developers when installing new apps. You also want to ask yourself if you really need a new app or if one of your existing apps or even your phone itself can accomplish the same functionality.
As for staying safe from Android malware, you want to make sure that Google Play Protect is enabled on your phone. This free and pre-installed security app scans all of your existing apps and any new ones you download for malware to help keep you and your devices safe. However, for extra protection, you may want to consider installing one of the best Android antivirus apps alongside it.
Malicious apps are one of the easiest ways for hackers to establish a foothold on your devices, and as a result, I don't see them going away anytime soon. This is why you always need to be extra careful when installing new apps on your phone, even if they come from official app stores.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Android Authority
12 minutes ago
- Android Authority
Google is testing more nuanced punctuation options in Gboard (APK teardown)
Edgar Cervantes / Android Authority TL;DR The latest Gboard beta contains clues that separate toggles to hide the comma and period keys may soon be available. Back in March, we spotted a single toggle for both keys being tested. If rolled out, users could choose a cleaner keyboard interface. Back in March, we reported that Google was working on a Gboard option to hide both the comma and period keys. That change echoed Apple's iPhone keyboard, where punctuation is hidden by default, but it didn't give Android users much control. While the cleaner layout may appeal to some, especially in regions where commas and periods aren't as essential, it tied both keys to a single switch. It seems that Google isn't done tweaking. In the latest Gboard beta (version 15.8.4.793526320-beta-arm64-v8a), we managed to activate an updated version of the feature. This time, there are two separate toggles: one for the comma key and another for the period key. AssembleDebug / Android Authority That means you'll be able to customize your layout to match your typing style, whether you can't live without quick access to commas or just want a less cluttered keyboard. Don't want to miss the best from Android Authority? Set us as a preferred source in Google Search to support us and make sure you never miss our latest exclusive reports, expert analysis, and much more. As the March testing proves, there's no guarantee these options will roll out to everyone, but the refinements suggest Google is still actively developing the idea. At least it looks like this will be an optional change, rather than an involuntary push toward the iPhone model. ⚠️ An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release. Follow
Yahoo
39 minutes ago
- Yahoo
Analog Devices Unlocks New Growth Engines In AI, Aerospace, And Robotics
Analog Devices (NASDAQ:ADI) delivered stronger-than-expected quarterly results on Wednesday and issued an upbeat outlook, signaling momentum across industrial and communications markets while highlighting new structural growth drivers in AI, aerospace, and automation. Following the results, JP Morgan analyst Harlan Sur maintained an Overweight rating on ADI and increased the price forecast from $300 to $310. Sur cited a stronger cyclical recovery and expanding secular drivers. He lifted his forward estimates, projecting fiscal 2026 EPS of ~$8.85, and applied a 35x multiple, the high end of peer group valuations, reflecting ADI's premium margins and diversified growth noted that July-quarter revenue rose 9% Q/Q to $2.88 billion, beating consensus of $2.765 billion, with EPS at $2.05 vs. $1.95 expected. Growth was broad-based: industrial climbed 11% Q/Q and 23% Y/Y, communications surged 18% Q/Q and 42% Y/Y on AI networking strength, and consumer rose 17% Q/Q and 20% Y/Y. Automotive stayed flat sequentially but gained 23% Y/Y due to product cycles and China demand pull-forward. For the October quarter, ADI guided revenue to $3.0 billion (up 4% Q/Q), topping consensus of $2.823 billion, with EPS of $2.22 vs. $2.03 expected and operating margin of 43.5% vs. 42.4% consensus. Industrial is expected to lead growth with low-to-mid-teens sequential gains, while automotive should decline in the low-teens Q/Q as earlier pull-forwards unwind. Sur highlighted ADI's structural growth engines, including aerospace & defense now trending above $1 billion annually (~10% of revenue), AI/datacenter opportunities in optical networking and power systems rising toward $550 million–$600 million annually vs. $400 million in fiscal 2024, and industrial automation tailwinds from humanoid robotics design wins. Sur also cited strong capital returns, with $3.7 billion in free cash flow (35% margin) over the past 12 months and $1.6 billion returned to shareholders via dividends and buybacks. Price Action: ADI stock is trading higher by 1.73% to $249.04 at last check Thursday. Photo via Shutterstock Latest Ratings for ADI Date Firm Action From To Feb 2022 Morgan Stanley Maintains Equal-Weight Feb 2022 Citigroup Maintains Buy Jan 2022 Barclays Maintains Overweight View More Analyst Ratings for ADI View the Latest Analyst Ratings UNLOCKED: 5 NEW TRADES EVERY WEEK. Click now to get top trade ideas daily, plus unlimited access to cutting-edge tools and strategies to gain an edge in the markets. Get the latest stock analysis from Benzinga? ANALOG DEVICES (ADI): Free Stock Analysis Report This article Analog Devices Unlocks New Growth Engines In AI, Aerospace, And Robotics originally appeared on © 2025 Benzinga does not provide investment advice. All rights reserved. Error while retrieving data Sign in to access your portfolio Error while retrieving data Error while retrieving data Error while retrieving data Error while retrieving data
CNBC
2 hours ago
- CNBC
Apple TV+ hikes subscription for third time in three years
Apple is taking a cue from some of its competitors. The technology giant's Apple TV+ monthly subscription is now $12.99, starting Thursday in the U.S. and other countries. Apple said the new price will hit current subscribers 30 days after their next renewal date. The annual subscription price will not change. For new subscribers, the $12.99 monthly price begins after a 7-day trial period. The change marks Apple's first price hike for its streaming service since 2023. At the time, Apple lifted its monthly price to about $9.99 from $6.99. The company raised the price in 2022 from $4.99. Apple TV+ is one of the company's most popular services, but Apple does not release viewership numbers. A report from The Information earlier this year said the streaming service is losing more than $1 billion annually as subscriptions rocketed to 45 million, citing people familiar with the matter. Apple isn't the only streaming company hiking prices this year to either fund new content or reap returns on their investments. Earlier this year, both Netflix and NBCUniversal's Peacock boosted prices. Music streaming platform Spotify also raised prices in multiple markets. Earlier this year, Apple introduced its streaming service to Android phones in a move that could open the company to more people worldwide. The company is fresh off the release of its highest-grossing theatrical film, "F1: The Movie."
