Google removed Trojan malware app from Play Store that was stealing users' valuable data

Cyber security is one of the biggest problems facing the country and the world these days, and it is growing with time. Malware and trojans have become common. Recently, it was reported that Google has removed some apps from its Play Store in which Trojan malware was found. Here is what is known about it.

An Android Trojan named 'Anatsa' is attacking smartphone users in several countries, including the US, UK, Germany, Austria and Switzerland. According to a report by BleepingComputer, ThreatFabric analysts have discovered a new 'Anatsa' campaign that began last March, in which the Trojan targeted online banking customers in these countries.

Trojan malware uses apps that hide their true intentions, which come to the fore only after users install them. The report claimed that an app listed in the Google Play Store imitated a PDF reader and, once installed, downloaded a Trojan payload.

Bad apps detection

Google has announced that it has identified the malicious apps and removed them from the Play Store. The tech giant has banned the developers and said that Google Play Protect automatically removes apps that contain this malware from Android devices with Google Play Services.

Earlier, in November 2021, ThreatFabric analysts also tracked other campaigns that used apps hosted in the Google Play Store to distribute the Anatsa banking trojan. These apps imitated a PDF scanner, a QR code scanner, an Adobe Illustrator app and a fitness tracker app, and generated over 30,000 installs. The malware aims to steal the credentials customers use in banking apps and to initiate transactions by committing device-takeover (DTO) fraud.

How does it work

After Google removed the Anatsa-carrying app from the Play Store, the attackers added another app to the Android App Marketplace. This time the app was presented as a PDF viewer, and it also downloaded the payload, which appeared as an add-on to the app.

Whenever these apps were reported, Google removed them from the Play Store, and the attackers immediately uploaded a new dropper under a new disguise. Anatsa collects financial information such as bank account credentials, credit card details and payment information when the user tries to launch their legitimate bank app. The latest Anatsa Trojan campaign affected nearly 600 financial apps from banking institutions around the world.

ThreatFabric explains that since the transaction is initiated from the same device that the target bank customer regularly uses. The stolen amounts are then converted into cryptocurrency and passed through an extensive network of money mules in the target countries. The network members then keep a portion of the stolen funds as a revenue share and send the rest to the attackers.