"Anatsa Android Trojan Expands Global Reach, Evades Google Play Security"

The Anatsa Android banking trojan, also known as TeaBot and Toddler, has expanded its reach to include Slovakia, Slovenia, and Czechia in a new campaign observed in November 2023. Despite Google Play's enhanced detection and protection mechanisms, the trojan's droppers have successfully exploited the accessibility service and bypassed restricted settings for Android 13. Anatsa is distributed under innocuous apps on the Google Play Store and has the capability to gain full control over infected devices, execute actions on a victim's behalf, and steal credentials for fraudulent transactions. The latest campaign involved five droppers with over 100,000 total installations, with one dropper masquerading as a phone cleaner app and leveraging versioning to introduce malicious behavior. The trojan's abuse of the accessibility service is tailored to Samsung devices, and the campaign demonstrates a targeted approach to concentrate on specific regions for financial fraud.