logo

Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play

ID: 116d0759-264d-5ff9-ae13-a58a0b124b70

STIX ID: report--116d0759-264d-5ff9-ae13-a58a0b124b70

Feed Name: Cyber Press

Threat Score
78/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Varshini

...
...

**Executive Summary:** An active campaign distributed via a fake document reader on the Google Play Store is delivering the Anatsa Android banking trojan as a secondary payload; the malicious app initially appears legitimate, then downloads the trojan, requests Accessibility permissions, uses overlays to phish banking credentials, and intercepts SMS/MFA to enable unauthorized transfers—over 100,000 downloads have been reported, placing many users at risk.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.