According to the company, the applications download a malicious component when running in certain regions, including the Russian Federation. Sberbank, Tinkoff-bank, Uralsib, Pochta-bank and OTP-bank are among the Russian banks whose application data is tracked by the virus. The dangerous applications mimic document and QR-code scanners.
Researchers have identified three groups of malware based on the code they download. For example, Anatsa targets Russia, as well as the USA, Great Britain, Austria and other countries.
These applications have been installed over 200 thousand times. One of them is a QR-code scanner from the publisher QrBarBode LDC. It has been downloaded over 50 thousand times. According to ThreatFabric, these apps work exactly as described and get positive reviews on their pages.
Once the application is installed on the device, it determines whether the virus needs to be downloaded to the phone. If the conditions are met, the program asks the user to download an update and to grant permission to install unknown applications.
The malicious code is then downloaded to the phone. The virus gets through Play Store checks because it is downloaded separately from the application.
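A defensive check for the behaviour described above, as an added example that is not from the original article or from the researchers: it parses `aapt dump permissions` output for a set of APKs and flags packages that declare the permission an app needs before it can ask for "install unknown apps". The package names, the allowlist and the sample dumps are constructed for illustration.

```python
import re

# On Android 8.0+ an app must declare this permission before the user can
# grant it "install unknown apps", the grant the dropper asks for.
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
NETWORK_PERM = "android.permission.INTERNET"

# Accepts both aapt styles: name='a.b.C' and the older bare a.b.C form.
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_aapt_permissions(text):
    """Return (package, permissions) from one `aapt dump permissions` dump."""
    package, perms = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
            continue
        match = _PERM_RE.match(line)
        if match:
            perms.add(match.group(1))
    return package, perms

def triage(dumps, allowlist=frozenset()):
    """Flag packages that can request sideloading and are not expected to."""
    findings = []
    for text in dumps:
        package, perms = parse_aapt_permissions(text)
        if INSTALL_PERM not in perms or package in allowlist:
            continue
        reasons = ["declares REQUEST_INSTALL_PACKAGES"]
        if NETWORK_PERM in perms:
            reasons.append("has network access to fetch a separate payload")
        findings.append((package, reasons))
    return findings

# Constructed sample dumps (hypothetical packages, not real apps).
SAMPLE_DUMPS = [
    "package: com.example.qrscanner\n"
    "uses-permission: name='android.permission.CAMERA'\n"
    "uses-permission: name='android.permission.INTERNET'\n"
    "uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'\n",
    "package: com.example.docscan\n"
    "uses-permission: android.permission.CAMERA\n",
    "package: com.example.corpstore\n"
    "uses-permission: name='android.permission.INTERNET'\n"
    "uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'\n",
]

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_DUMPS, allowlist={"com.example.corpstore"}):
        print(pkg, "->", "; ".join(why))
```

A flagged package is a candidate for review, not a verdict: app stores and device-management tools legitimately declare this permission, which is what the allowlist is for.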