Experts are urging Samsung Galaxy users to take immediate action if they have recently downloaded certain apps on their devices. A well-known trojan malware, Anatsa, has been discovered in five apps that were previously available for download on the Google Play Store.
The malware-infected apps were designed to deceive users, posing as helpful tools while secretly stealing sensitive data and even potentially conducting unauthorized banking transactions.
Cybersecurity firm ThreatFabric identified the following five apps as containing the Anatsa malware:
- Phone Cleaner – File Explorer
- PDF Viewer – File Explorer
- PDF Reader – Viewer & Editor
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
While all Android users should remain cautious, Samsung Galaxy users are particularly at risk due to the targeted nature of this malware. Although Google has swiftly removed these apps from the Play Store, it’s estimated that they were downloaded over 150,000 times before their removal.
In a statement to Bleeping Computer, Google assured users that its built-in protection system, Google Play Protect, is designed to safeguard against known versions of this malware. This protection is automatically enabled on Android devices with Google Play Services.
ThreatFabric’s report on the Anatsa malware reveals a sophisticated tactic used by the apps to evade detection. Initially, the apps request user permissions to access files and systems under the guise of legitimate functions such as file exploration and cleaning. Once granted, the apps would then secretly download malicious components from a remote server, effectively hiding their true intent.
If you recognize any of these app names on your device, it is strongly advised to delete them immediately. Google Play Protect can assist in identifying and blocking malicious behavior, but users should remain vigilant.
Don’t take any chances with your data and security—check your Samsung Galaxy device now and remove these apps to prevent potential harm.