Android users, particularly those with Samsung Galaxy devices, have been warned to delete five apps from their devices immediately due to the presence of a dangerous malware known as Anatsa. The apps, which were available for download on the Google Play Store, have since been removed, but users who have already installed them may still be at risk.
Anatsa is a Trojan virus capable of executing actions on a device remotely, including unauthorized withdrawals from bank accounts. Security experts at Threat Fabric have classified the threat posed by these apps as “critical,” emphasizing the heightened risk for Samsung Galaxy users.
The malicious code embedded in these apps specifically targets Samsung devices, indicating a deliberate effort by threat actors to exploit vulnerabilities in Samsung’s user interface. This tailored approach underscores the sophistication of the malware campaign and its potential impact on targeted users.
Despite the removal of the apps from the Play Store, users who have already downloaded them are advised to delete them immediately to mitigate the risk of falling victim to Anatsa. Google has assured Android users that Google Play Protect, which is enabled by default on devices with Google Play Services, offers protection against known versions of the malware.
A Google spokesperson stated: “Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play.”
The affected apps include:
- Phone Cleaner – File Explorer
- PDF Viewer – File Explorer
- PDF Reader – Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
- Phone Cleaner: File Explorer
- PDF Reader: File Manager
Anatsa, which first emerged in 2021, gained notoriety in 2023, and according to Threat Fabric, the threat is expected to persist with new iterations of the malware likely to emerge in the future. Users are urged to remain vigilant and to promptly delete any suspicious apps to safeguard their devices and personal information from malicious attacks.