Anatsa Android Banking Malware Targets Users in the U.S. and Canada via Google Play

A sophisticated new campaign involving the Anatsa Android banking trojan, marking its third major offensive against mobile banking customers in the United States and Canada.

This latest operation demonstrates the malware’s evolving threat landscape and its operators’ persistent focus on North American financial institutions, with distribution occurring through the official Google Play Store.

Anatsa represents a highly advanced device-takeover trojan engineered to provide cybercriminals with comprehensive control over infected devices.

The malware employs multiple attack vectors, including credential theft through overlay attacks, keylogging capabilities, and remote control functionalities that enable operators to execute fraudulent transactions directly from compromised devices.

ThreatFabric has been tracking Anatsa’s activities since 2020, recognizing the group as one of the most prolific operators in the mobile crimeware ecosystem.

The malware follows a consistent operational pattern that begins with establishing legitimate developer profiles on app stores.

Operators upload seemingly benign applications such ...