FB pixel

Mobile banking malware growing rapidly, ThreatFabric warns

Mobile banking malware growing rapidly, ThreatFabric warns

Online payment fraud prevention provider ThreatFabric has shared research on the return of the Anatsa trojan virus, which is expanding its reach in Europe. It also shared a post explaining how its Fraud Kill Chain can find gaps in mobile malware detection.

Anatsa banking trojan returns in Europe

ThreatFabric has been monitoring the Anatsa trojan virus campaign since its Mobile Threat Intelligence team detected a reappearance of the Anatsa banking trojan campaign in November of 2023. Over four months, it saw five different waves of the campaign, each targeting a different region. It shared its findings in a blog post.

The virus, which is one of the most prolific, has expanded into Slovakia, Slovenia, and Czechia after formerly targeting the UK, Germany, and Spain.

The campaign promotes dropper applications on Google Play in target areas that often rank high in popularity, increasing credibility. Some droppers exploit the AccessibilityService.

All droppers download configuration and malicious executable files from their C2 server, allowing bad actors to make modifications as needed. They have the capacity to bypass restricted settings for AccessibilityService in Android 13.

One supposed cleaner app that was found in November claimed to require AccessibilityService. Initially, the app had no malicious code, but an update introduced malicious code, which altered the Accessibility Service functionality, allowing it to execute actions such as automatically clicking buttons when it received a configuration from the C2 server.

Hackers tailored the malicious code for one phase specifically for the UI elements of Samsung devices. Future adaptations may target other manufacturers.

The five droppers monitored in this report had over 100,000 installations over the course of four months.

Individuals can protect themselves by being cautious of what apps they download and whether or not they should enable AccessibilityService for an app to be able to conduct its operations.

Fraud Kill Chain can identify gaps in mobile detection

The Fraud Kill Chain can find detection opportunities and gaps to combat mobile banking malware. ThreatFabric highlighted the most commonly found gaps in detection in a recent post.

The number of banking malware families has steadily been on the rise for years. In 2023, ThreatFabric found 75 families, 26 of which had device takeover capabilities. Most were delivered through official app stores.

Attackers use a wide variety of tactics, techniques and procedures, giving a wide range of opportunities for detection, but such detection requires sensors and processes in digital channels.

ThreatFabric’s research found three major gaps in detection. There is a major detection gap into mobile channels in particular. There is also a lack of visibility with the user journey. The third most common gap is visibility on device risk.

Anti-fraud teams should alleviate these gaps by checking detection processes for mobile visibility, user session visibility, and device risk visibility. Using Fraud Kill Chain mapping can help teams identify issues in their attack chain. They should consider adding detection technology to mitigate any found gaps and stay up to date with evolving threats to mobile.

Earlier this year, ThreatFabric was recognized by Gartner as a Sample Vendor for Cyberfraud Fusion in its Emerging Tech Impact Radar: Security report. ThreatFabric CEO Han Sahin noted the importance of behavioral biometrics, recently added to its anti-fraud technology suite, in the company announcement of the recognition.

ThreatFabric raised €11.5 million in seed funding last year to expand its behavioral biometrics and fraud protection capabilities.

Article Topics

 |   |   |   | 

Latest Biometrics News


City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…


Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…


Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…


Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…


Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…


US launches PKI system to make mobile driver’s licenses interoperable, easy to use

The Digital Trust Service being set up by the American Association of Motor Vehicle Administrators (AAMVA) to ease the use…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events