There's a fresh warning for all Android users with those owning Galaxy devices needing to be on heightened alert. This latest caution comes after the discovery of a batch of apps that come infected with the nasty Anatsa banking trojan. This vicious bug, which first began targeting devices last year, is fully capable of performing actions on a victim’s behalf without them ever knowing. That means those infected could find banking transactions being made or money being taken without permission.
All the applications in question were available to download via the Google Play Store with security experts at Threat Fabric saying they pose a "critical threat" to Android users in regions including the UK.
Although all Android owners now need to be wary, it appears that one of the so-called Anatsa droppers, which was being used to infect devices, was specially created to target Samsung Galaxy phones. That's no surprise considering Samsung's huge market share but will come as a worry to those with one in their pockets.
"A unique aspect of this dropper was its malicious code, specifically targeting Samsung devices," Threat Fabric explained.
"The malicious AccessibilityService was tailored to interact with the UI elements of Samsung devices, meaning only Samsung users were impacted in this phase of the campaign. This suggests that the threat actors initially developed and tested their code exclusively for Samsung devices."
Pub delivers five-word response to critics of its 'slow' carvery serviceOnce Google was made aware of the issue it deleted all of the 5 apps in question but if you have already downloaded them you could still be at risk.
That's why it's vital Android fans check their devices now. Below are the five apps recently removed by Google due to the likelihood they contain the Anatsa Trojan.
• Phone Cleaner - File Explorer
• PDF Viewer - File Explorer
• PDF Reader - Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
• Phone Cleaner: File Explorer
• PDF Reader: File Manager
Confirming the block of the dangerous apps, a Google Spokesperson said: "All of the apps identified in the report have been removed from Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.
"Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play."