If This App Is Installed On Your Smartphone, Delete It Now
Delete this app today.
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” Google says. Maybe so. But a malicious threat that has been flagged many times in the past has just been found on Play Store again, attacking thousands of Android phones and putting users at risk.
This should not happen. But it does. Even with some of the most prolific threats targeting Android users. As is the case this time around with Anatsa, a banking trojan that hijacks apps on your phone to steal your credentials and then your money.
If your phone is infected with this malware, when you open your banking app you’ll see an overlay screen telling you the app is down for schedule maintenance. But this fake overlay simply obscures the app as it is being attacked in the background.
The developers behind the malware publish legitimate apps on Play Store and leave them alone while they garner downloads and (real or fake) reviews. Then the app is updated with the malware onboard. At that point the attacks start.
Delete this app immediately.
The latest warning comes courtesy of ThreatFabric, which has been tracking Anatsa for years. The app you need to delete if it’s installed on your phone is “Document Viewer — File Reader,” the exact type of free app from unknown sources you should avoid.
ThreatFabric “has been monitoring Anatsa’s activity since 2020 and recognizes the group as one of the most prolific operators in the mobile crimeware landscape. Their campaigns have consistently demonstrated a high level of success.”
The latest iteration of Anatsa has targeted users in North America, securing tens of thousands of installs. Anatsa returns repeatedly with these same tactics. Enabling Play Protect is critical, but also take care as to the number of free apps you install.
Just days ago, we saw a warning from Satori as hundreds of apps were also found on Play Store attacking phones, in that instance with adware. Anatsa is more dangerous, but the advice to stay safe is broadly the same.
If you do have the app installed, then check your accounts and change your passwords to be safe. Google has deleted the app from Play Store and will have updated Play Protect. But you need to delete it from your phone as well.