The Nigeria Computer Emergency Response Team (ngCERT), operating under the Office of the National Security Adviser, has issued a warning to Nigerian Android device users about a malware known as the Anatsa banking trojan.
This malware is specifically designed to target banking apps and steal financial information from users.
The advisory from ngCERT comes in response to a surge in cyber threats against bank customers.
According to the organization, the Anatsa trojan exploits Android’s accessibility services to gain complete control over infected devices. Once installed, the trojan can launch phishing attacks using fake login screens to capture banking credentials, record keystrokes, and intercept payment information.
ngCERT detailed that the trojan can remotely interact with the device, performing actions such as clicks, scrolls, and swipes.
It can also prevent users from accessing certain apps, including security applications. The malware is delivered through malicious apps that appear legitimate, such as PDF and QR code readers or cleaner apps. Initially, these apps behave normally but eventually download, decrypt, and execute the trojan’s payload, bypassing restricted settings for accessibility services, particularly in Android 13.
Once the payload is activated, it establishes a connection with a command and control (C2) server, awaiting instructions from the attacker.
The trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices.
To protect their phones against malware, ngCERT advises Android users to:
- Avoid Installing Untrusted Apps: Only download apps from trusted sources and carefully review app ratings and user feedback on the Google Play Store.
- Be Wary of Unnecessary Permissions: Be cautious with apps requesting excessive permissions, especially those related to accessibility services or the installation of unknown apps.
- Uninstall Suspicious Apps: If an app is suspected to contain the Anatsa trojan, uninstall it immediately and thoroughly scan the device with a reputable antivirus application.
- Monitor Banking Activity: Regularly change banking passwords, closely monitor account activity, and report any suspicious transactions to the financial institution promptly.
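As an added example (not part of the ngCERT advisory), the Python sketch below supports the permissions check in the list above. It takes the output of two adb commands, `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, and lists the third-party apps that currently hold an enabled accessibility service. The package names and sample output are constructed.

```python
# Added example: list third-party apps with an enabled accessibility service.
# Inputs are text captured from two adb commands; the samples are constructed.
PLAY_STORE = "com.android.vending"

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.pdfreader/com.example.pdfreader.HelperService:"
    "com.example.cleaner/com.example.cleaner.BoostService\n"
)
# Constructed output of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = (
    "package:com.example.pdfreader  installer=com.android.vending\n"
    "package:com.example.cleaner  installer=null\n"
    "package:com.example.notes  installer=com.android.vending\n"
)

def parse_enabled_services(raw):
    """Return {package: [service class, ...]} from the colon-separated setting."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":          # the setting prints "null" when unset
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_third_party(raw):
    """Return {package: installer} for user-installed apps."""
    apps = {}
    for line in raw.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = "unknown"
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        apps[fields[0][len("package:"):]] = installer
    return apps

def audit(services_raw, packages_raw):
    """Third-party packages holding an accessibility service, for manual review."""
    services = parse_enabled_services(services_raw)
    third_party = parse_third_party(packages_raw)
    return [{"package": p, "services": services[p], "installer": third_party[p],
             "from_play": third_party[p] == PLAY_STORE}
            for p in sorted(services) if p in third_party]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(finding)
```

An app appearing in this list is not proof of infection, and a Play Store installer is not proof of safety, since the advisory notes the droppers were distributed through Google Play; the list only narrows down which apps deserve a closer look.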
ngCERT emphasized that the Anatsa banking trojan poses a significant threat to the financial security of Android users and urged everyone to exercise caution and follow the recommended guidelines to safeguard their personal and financial information.