Operators of the Anatsa Android banking trojan have targeted Czechia, Slovakia, and Slovenia with the malware as part of a November attack campaign, which came months after the trojan, also known as Toddler and TeaBot, had been leveraged in attacks against the U.S., Switzerland, and the UK, among others, reports The Hacker News.
Attacks involved luring targets into downloading five apps on the Google Play Store with more than 100,000 total installations, which were later updated to become droppers for the Anatsa trojan, according to a ThreatFabric report. All apps were also discovered to have exploited Accessibility Services only for Samsung devices, averted all restricted settings in Android 13, and concealed malicious activity through a multi-stage approach. "These actors prefer concentrated attacks on specific regions rather than a global spread, periodically shifting their focus. This targeted approach enables them to concentrate on a limited number of financial organizations, leading to a high number of fraud cases in a short time," said ThreatFabric.
Attacks involved luring targets into downloading five apps on the Google Play Store with more than 100,000 total installations, which were later updated to become droppers for the Anatsa trojan, according to a ThreatFabric report. All apps were also discovered to have exploited Accessibility Services only for Samsung devices, averted all restricted settings in Android 13, and concealed malicious activity through a multi-stage approach. "These actors prefer concentrated attacks on specific regions rather than a global spread, periodically shifting their focus. This targeted approach enables them to concentrate on a limited number of financial organizations, leading to a high number of fraud cases in a short time," said ThreatFabric.
