#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Accessibility Service | Breaking Cybersecurity News | The Hacker News

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries
Feb 19, 2024 Malware / Mobile Security
The Android banking trojan known as  Anatsa  has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric  said  in a report shared with The Hacker News. "All droppers in this campaign have demonstrated the capability to bypass the restricted settings for accessibility service in Android 13." The campaign, in total, involves five droppers with more than 100,000 total installations. Also known by the name TeaBot and Toddler, Anatsa is known to be distributed under the guise of seemingly innocuous apps on the Google Play Store. These apps, called droppers, facilitate the installation of the malware by circumventing security measures imposed by Google that seek to grant sensitive permissions. In June 2023, the Dutch mobile security firm

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication
Dec 21, 2023 Mobile Security / Banking Trojan
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region," Dutch mobile security firm ThreatFabric  said  in a report shared with The Hacker News. Chameleon was  previously documented  by Cyble in April 2023, noting that it had been used to single out users in Australia and Poland since at least January. Like other banking malware, it's known to abuse its permissions to Android's accessibility service to harvest sensitive data and conduct overlay attacks. The rogue apps containing the earlier version were hosted on phishing pages and found to impersonate genuine institutions in the countries, such as the Australian Taxation Offic
Expert Insights
Cybersecurity Resources