Anatsa Trojan: 90,000 Users Infected by Malicious PDF App on Google Play
Posted:
July 09, 2025
Tags:
protect against banking trojans, mobile malware campaign, google play store scam, fake pdf app, document viewer trojan, cybersecurity threats, cybercrime tactics, banking credential theft, android banking malware, anatsa trojan
Author:
Npav Lab
Views:
2

A sophisticated Android banking malware campaign has infected 90,000 users across multiple countries, with the Anatsa trojan distributed through a malicious PDF app on the official Google Play Store.


Disguised as a Legitimate App
The Trojan masqueraded as a legitimate app called Document Viewer – File Reader, developed by Hybrid Cars Simulator, Drift & Racing. Initially functioning as a PDF viewer, the app embedded malicious code weeks after its launch, transforming it into a tool for attacks.


How the Attack Works
Anatsa, also known as TeaBot or Toddler, is a banking trojan active since 2020, designed to steal credentials, log keystrokes, and take over devices for automated fraudulent transactions.
The attackers follow a systematic approach:
- Publish a benign app on Google Play.
- Wait for it to gain thousands of installs and positive reviews.
- Push a malicious update that embeds a dropper.
- Silently install the Anatsa payload on devices.
Comment(s)
Categories
- Other (43)
- Ransomware (154)
- Events and News (27)
- Features (45)
- Security (487)
- Tips (79)
- Google (29)
- Achievements (11)
- Products (36)
- Activation (7)
- Dealers (1)
- Bank Phishing (53)
- Malware Alerts (232)
- Cyber Attack (303)
- Data Backup (13)
- Data Breach (130)
- Phishing (165)
- Securty Tips (2)
- Browser Hijack (19)
- Adware (15)
- Email And Password (71)
- Android Security (77)
- Knoweldgebase (38)
- Botnet (17)
- Updates (4)
- Alert (71)
- Hacking (71)
- Social Media (8)
- vulnerability (75)
- Hacker (38)
- Spyware (12)
- Windows (8)
- Microsoft (25)
- Uber (1)
- YouTube (1)
- Trojan (4)
- Website hacks (10)
- Paytm (1)
- Credit card scam (2)
- Telegram (3)
- RAT (8)
- Bug (3)
- Twitter (2)
- Facebook (8)
- Banking Trojan (9)
- Mozilla (2)
- COVID-19 (5)
- Instagram (3)
- NPAV Announcement (9)
- IoT Security (2)
- Deals and Offers (2)
- Cloud Security (12)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (3)
- WhatsApp (6)
- Amazon (2)
- DMart (1)
- Payment Risk (5)
- Occasion (3)
- firewall (3)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (47)
- Impersonation phishing (1)
- DDoS (7)
- Smishing (2)
- Whale (0)
- Whale phishing (4)
- WINRAR (2)
- ZIP (2)
- Fraud Protector (36)
Recent Posts
Archive
Tags
cybersecurity
cybercrime
cyber attack
phishing
phishing attacks
data breach
cyber threats
data theft
phishing attack
malware
cyber fraud
android malware
credential theft
cybersecurity threats
ransomware
financial fraud
ransomeware
social engineering
data protection
financial security
cyber security
#cybersecurity
cyberthreats
phishingattack
network security
cyber threat
malware distribution
identity theft
security vulnerabilities
cert-in
data stealing
ransomware attacks
cyber crime
phishing scam
online fraud
data security
ddos attack
critical vulnerability
phishing email
ransomware attack
microsoft
cyber attacks
digital safety
twitter
ddos
india
cybercriminals
cyberattack
trojan
malware attack