![\"Play](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/08\/1755944114_241_960x0.jpg\")
<\/p>\n<\/p>\n
Do not keep apps on your phone<\/p>\n
AFP via Getty Images<\/p>\n
Google has deleted millions of apps<\/a> from Play Store as Android changes beyond recognition. There\u2019s a clampdown on apps<\/a> from outside the official store, and trivial apps on Play Store itself are being rooted out<\/a>. Now Google has confirmed more apps have been deleted, after a hidden threat was found attacking Android phones.<\/p>\n The latest warning comes from Zscaler<\/a>. It\u2019s Anatsa<\/a> malware again, \u201cattacking Android devices and targeting financial applications.\u201d Also known as TeaBot, this nasty threat \u201csteals credentials, monitors keystrokes, and facilitates fraudulent transactions.\u201d<\/p>\n ForbesChange Your PayPal Password Now If It\u2019s On This ListBy Zak Doffman<\/a><\/p>\n Zscaler\u2019s ThreatLabz team says \u201cthe latest variant of Anatsa targets over 831 financial institutions worldwide,\u201d and it has \u201cidentified and reported 77 malicious apps from various malware families to Google, collectively accounting for over 19 million installs.\u201d<\/p>\n Google tells me all apps identified by Zscaler have been deleted from Play Store, and \u201cprotection against these malware versions was already in place through Google Play Protect prior to this report. Based on our current detection, no apps containing these versions of this malware are found on Google Play.\u201d<\/p>\n As long as Google Play Protect is enabled, which should be on by default, \u201cAndroid users are automatically protected against known versions of this malware.\u201d You also need to delete any of the trivial apps on your device that are no longer available on Play Store. As far as Anatsa is concerned, pay particular attention to document readers.<\/p>\n Dangerous Play Store app – now removed.<\/p>\n Zscaler<\/p>\n Zscaler explains that \u201cAnatsa uses a dropper technique, where the threat actors use a decoy application in the official Google Play Store that appears benign upon installation. Once installed, Anatsa silently downloads a malicious payload disguised as an update from its command-and-control (C2) server. This approach allows Anatsa to bypass Google Play Store detection mechanisms and successfully infect devices.\u201d<\/p>\n When you install the dropper, the malware will run a set of checks to help it evade analyst machines or security software. It does its best to ensure it has a clear run on a device before loading the malicious malware itself.<\/p>\n Anatsa displays fake login pages for banking apps for the hundreds of banks targeted. \u201cThese pages are tailored based on the financial institution applications detected on the user\u2019s device.\u201d Those credentials are then stolen enabling remote attacks.<\/p>\n