Fake document reader app spreads Anatsa banking trojan on Play Store
A sneaky Android app called "Document Reader - File Manager" has been caught spreading the Anatsa (TeaBot) banking trojan.
Downloaded over 50,000 times from Google Play, this fake app steals your banking details by logging what you type, grabbing SMS OTPs, and showing fake login screens.
It even uses special permissions to secretly download and install the Anatsa payload and make unauthorized transactions—all without you noticing.
Trojan targets hundreds of financial apps and keeps coming back
Anatsa isn't picky—it can attack over 830 financial apps worldwide, including crypto platforms.
Even after Google removed dozens of infected apps in September 2024 (after millions of installs), the malware keeps popping up on third-party stores like Aptoide and APKPure under different names.
These versions, distributed without Google's security checks, have been downloaded over 150,000 times, putting users at real risk of having their money or data stolen.