See name of new malware by fraudsters stealing banking data on Android phones

  • The ngCERT has urged Nigerians to be careful when downloading certain apps from the Google Play Store
  • The government agency warns that malware is now stealing financial information from users’ phones
  • The malware employs advanced techniques to bypass security measures and display fake login screens

Legit.ng journalist Dave Ibemere has over a decade of business journalism experience with in-depth knowledge of the Nigerian economy, stocks, and general market trends.

The Nigeria Computer Emergency Response Team (ngCERT) under the Office of the National Security Adviser has warned Nigerians who use Android devices about malware called the Anatsa banking trojan.

The malware is specifically designed to target banking apps and steal financial information from users.

Nigerians asked to be careful when downloading apps. Photo credit: Evgeniia Siiankovskaia
Source: Getty Images

The threat was disclosed in an advisory released by the organisation in response to increasing reports of cyber threats to bank customers.

How the Anatsa banking trojan works

According to ngCERT, the Anatsa trojan exploits Android’s accessibility services to gain complete control over infected devices.

Once installed, ngCERT warns that the trojan can launch phishing attacks with fake login screens to capture banking credentials, record keystrokes, and intercept payment information.

The trojan malware can also remotely interact with the device, performing clicks, scrolls, and swipes, and it can prevent users from accessing certain apps, including security applications.

ngCERT said:

"The malware can also remotely interact with the device, performing actions such as clicks, scrolls, and swipes, and can prevent users from accessing certain apps, including security applications."

The trojan is delivered through malicious apps that appear to be legitimate PDF and QR code readers or cleaner apps. These apps initially behave normally until they secretly download, decrypt, and execute the trojan’s payload, bypassing the restricted settings for accessibility services, mostly in Android 13.

"This payload then establishes a connection with a command and control (C2) server, awaiting instructions from the attacker."

It added that the trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices.

How do you protect your phone against malware?

ngCERT said:

"The Anatsa banking trojan represents a significant threat to the financial security of Android users.

"We urge everyone to exercise caution and follow the recommended guidelines to safeguard their personal and financial information."

ngCERT has asked Nigerians using Android devices to do the following to protect their devices:

Avoid Installing Untrusted Apps:

Only download apps from trusted sources, and carefully review the app ratings and user feedback on the Google Play Store.

Be Wary of Unnecessary Permissions:

Exercise caution with apps requesting excessive permissions, particularly those related to accessibility services or the installation of unknown apps.

Uninstall Suspicious Apps:

If you suspect an app contains the Anatsa trojan, uninstall it immediately and thoroughly scan your device with a reputable antivirus application.

Monitor Banking Activity:

Regularly change banking passwords and closely monitor account activity. Report any suspicious transactions to your financial institution promptly.
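
One way to carry out the permissions check above from a computer, as an added example that is not part of the ngCERT advisory or this article: it lists apps with an enabled accessibility service and flags those that also request permission to install other apps. The package names, command output and allowlist are constructed; the adb commands named in the comments are where real input would come from.

```python
import re

INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
TRUSTED = {"com.google.android.marvin.talkback"}  # assumption: your own allowlist

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.pdfreader/.HelperService:"
               "com.example.notes/.ReadAloudService")

# Constructed excerpts of: adb shell dumpsys package <pkg>
SAMPLE_DUMPSYS = {
    "com.example.pdfreader": """
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
    install permissions:
      android.permission.INTERNET: granted=true
""",
    "com.example.notes": """
    requested permissions:
      android.permission.VIBRATE
    install permissions:
""",
}

def enabled_a11y_packages(setting_value):
    """Package names from the colon-separated 'package/service' setting value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # an unset setting prints "null"
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def requested_permissions(dumpsys_text):
    """Permissions listed under the 'requested permissions:' header only."""
    perms, in_section = set(), False
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_section = True
        elif in_section and re.fullmatch(r"[\w.]+", stripped):
            perms.add(stripped)
        else:
            in_section = False  # next header or blank line ends the section
    return perms

def triage(a11y_value, dumpsys_by_pkg, trusted=TRUSTED):
    """Rate each untrusted accessibility app: 'high' if it can also install apps."""
    suspects = sorted(enabled_a11y_packages(a11y_value) - set(trusted))
    return {p: "high" if INSTALL_PERM in requested_permissions(
        dumpsys_by_pkg.get(p, "")) else "review" for p in suspects}
```

An app rated "high" combines the two capabilities the advisory singles out; "review" means an accessibility service is enabled for an app that is not on the allowlist.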

NCC warns Nigerians to remove 5 Google Chrome extensions

Legit.ng reported that the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified five malicious Google Chrome Extensions.

According to the commission, the extensions surreptitiously track online browser activities and steal users’ data.

Source: Legit.ng
