![\"Play](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/08\/1756175416_264_960x0.jpg\")
<\/p>\n<\/p>\n
Do not keep apps on your phone<\/p>\n
AFP via Getty Images<\/p>\n
Republished on August 25 with a new threat warning and Google suddenly confirming a crack down on Android apps from any source \u2014 a potential game-changer. <\/p>\n
Google has deleted millions of apps<\/a> from Play Store as Android changes beyond recognition. There\u2019s a clampdown on apps<\/a> from outside the official store, and trivial apps on Play Store itself are being rooted out<\/a>. Now Google has confirmed more apps have been deleted, after a hidden threat was found attacking Android phones.<\/p>\n The latest warning comes from Zscaler<\/a>. It\u2019s Anatsa<\/a> malware again, \u201cattacking Android devices and targeting financial applications.\u201d Also known as TeaBot, this nasty threat \u201csteals credentials, monitors keystrokes, and facilitates fraudulent transactions.\u201d<\/p>\n Zscaler\u2019s ThreatLabz team says \u201cthe latest variant of Anatsa targets over 831 financial institutions worldwide,\u201d and it has \u201cidentified and reported 77 malicious apps from various malware families to Google, collectively accounting for over 19 million installs.\u201d<\/p>\n ForbesDo Not Use These Networks On Your Phone, TSA Warns\u2014Here\u2019s WhyBy Zak Doffman<\/a><\/p>\n Google tells me all apps identified by Zscaler have been deleted from Play Store, and \u201cprotection against these malware versions was already in place through Google Play Protect prior to this report. Based on our current detection, no apps containing these versions of this malware are found on Google Play.\u201d<\/p>\n As long as Google Play Protect is enabled, which should be on by default, \u201cAndroid users are automatically protected against known versions of this malware.\u201d You also need to delete any of the trivial apps on your device that are no longer available on Play Store. As far as Anatsa is concerned, pay particular attention to document readers.<\/p>\n Zscaler explains that \u201cAnatsa uses a dropper technique, where the threat actors use a decoy application in the official Google Play Store that appears benign upon installation. Once installed, Anatsa silently downloads a malicious payload disguised as an update from its command-and-control (C2) server. This approach allows Anatsa to bypass Google Play Store detection mechanisms and successfully infect devices.\u201d<\/p>\n When you install the dropper, the malware will run a set of checks to help it evade analyst machines or security software. It does its best to ensure it has a clear run on a device before loading the malicious malware itself.<\/p>\n Anatsa displays fake login pages for banking apps for the hundreds of banks targeted. \u201cThese pages are tailored based on the financial institution applications detected on the user\u2019s device.\u201d Those credentials are then stolen enabling remote attacks.<\/p>\n Dangerous Play Store app – now removed.<\/p>\n Zscaler<\/p>\n Anatsa is just one of the malware threats identified by Zscaler and reported to Google. All apps reported have been deleted, but that doesn\u2019t mean they\u2019re no longer on your phone, which is why you must act now to check.<\/p>\n One easy way is to start with permissions, especially accessibility services<\/a>, to identify likely threats. \u201cAndroid users should always verify the permissions that applications request, and ensure that they align with the intended functionality of the application.\u201d<\/p>\n It\u2019s exactly this form of permission abuse that\u2019s behind the latest attacks flagged by the team at Zimperium<\/a>, \u201ca new variant of the Hook Android banking trojan, now featuring some of the most advanced capabilities we\u2019ve seen to date.\u201d<\/p>\n Zimperium warns that \u201cas with prior versions, Hook abuses Android Accessibility Services to automate fraud and control devices remotely. The difference: its growing command set and overlay techniques give attackers even more flexibility in stealing data, hijacking sessions, and bypassing defenses.\u201d<\/p>\n Meanwhile, Google\u2019s clampdown has suddenly taken a surprising new twist. Google announced<\/a> Monday that \u201cAndroid\u2019s new developer verification is an extra layer of security that deters bad actors and makes it harder for them to spread harm. Starting in September 2026, Android will require all apps to be registered by verified developers in order to be installed on certified Android devices.\u201d<\/p>\n