Fake Android App with 220,000+ Downloads Steals Banking Credentials

A dangerous banking trojan named Anatsa (TeaBot) was found hiding in a File Manager and Document Reader app on Google Play. Before it was removed, the app had over 220,000 downloads and targeted users worldwide. This malware steals banking passwords, bypasses two-factor authentication (2FA), and enables hackers to transfer money from victims' accounts.

  • A fake app was available on Google Play, tricking users into downloading it.
  • The app asked users to install a fake update, which contained the malware.

  • Once installed, the trojan monitored banking activities and stole passwords.
  • It created fake login screens to capture usernames and passwords.
  • Hackers used stolen information to bypass 2FA and transfer money.
  • The malware targeted over 600 banking and cryptocurrency apps globally.
  • Google has removed the app, but similar threats continue to emerge.

To stay safe:

  • Download apps only from trusted developers and check reviews.
  • Never install updates from third-party links or outside the Play Store.
  • Limit app permissions, especially access to SMS and accessibility services.
  • Regularly check bank statements for suspicious activity.
  • Use a trusted mobile security solution like Net Protector Mobile Security.

Cybercriminals continue to exploit fake apps to steal banking details. Staying alert and using strong security measures can help protect your financial data from such threats.