Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play
ID: 116d0759-264d-5ff9-ae13-a58a0b124b70
STIX ID: report--116d0759-264d-5ff9-ae13-a58a0b124b70
Feed Name: Cyber Press
Threat Score
**Executive Summary:** An active campaign distributed via a fake document reader on the Google Play Store is delivering the Anatsa Android banking trojan as a secondary payload; the malicious app initially appears legitimate, then downloads the trojan, requests Accessibility permissions, uses overlays to phish banking credentials, and intercepts SMS/MFA to enable unauthorized transfers—over 100,000 downloads have been reported, placing many users at risk.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
