Anatsa (Malware Family)

apk.anatsa (Back to overview)

Anatsa

aka: ReBot, TeaBot, Toddler

There is no description at this point.

References

2024-02-21 ⋅ Cleafy ⋅ Francesco Iubatti
A stealthy threat uncovered: TeaBot on Google Play Store
Anatsa

2024-02-19 ⋅ ThreatFabric ⋅ ThreatFabric
Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach
Anatsa

2023-06-26 ⋅ ThreatFabric ⋅ ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa

2022-05-13 ⋅ K7 Security ⋅ Baran S
Teabot
Anatsa

2022-03-03 ⋅ GBHackers on Security ⋅ Gurubaran S
TeaBot Banking Trojan Posted as QR Code app in Google Play Store Targeting US Users
Anatsa

2022-03-01 ⋅ Cleafy ⋅ Cleafy
TeaBot is now spreading across the globe
Anatsa

2022-01-27 ⋅ The Hacker News ⋅ Ravie Lakshmanan
Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices
Anatsa FluBot

2022-01-26 ⋅ Bitdefender ⋅ Bitdefender
New FluBot and TeaBot Global Malware Campaigns Discovered
Anatsa FluBot

2021-11-01 ⋅ ThreatFabric ⋅ ThreatFabric
Deceive the Heavens to Cross the sea
Alien Anatsa Hydra

2021-09-14 ⋅ Telekom ⋅ Thomas Barabosch
Flubot’s Smishing Campaigns under the Microscope
Anatsa FluBot

2021-07-17 ⋅ Twitter (@_icebre4ker_) ⋅ _icebre4ker_
Tweet: new version of Teabot targeting also Portugal banks
Anatsa

2021-07-16 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
Toddler - Mobile Banking Botnet Analysis Report
Anatsa

2021-06-17 ⋅ K7 Security ⋅ Baran S
Teabot : Android Banking Trojan Targets Banks in Europe
Anatsa

2021-06-01 ⋅ Bitdefender ⋅ Alin Mihai Barbatei, Oana Asoltanei, Silviu Stahie
Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
Anatsa FluBot

2021-05-19 ⋅ Twitter (@ThreatFabric) ⋅ ThreatFabric
Tweet on Anatsa android banking trojan targeting 7 more italian banks
Anatsa

2021-05-11 ⋅ nviso ⋅ Jeroen Beckers
Android overlay attacks on Belgian financial applications
Anatsa

2021-05-10 ⋅ Cleafy ⋅ Cleafy
TeaBot: a new Android malware emerged in Italy, targets banks in Europe
Anatsa

2021-05-05 ⋅ ThreatFabric ⋅ ThreatFabric
Smishing campaign in NL spreading Cabassous and Anatsa
Anatsa

2021-03-15 ⋅ Buguroo ⋅ Buguroo
Toddler: Credential theft through overlays and accessibility event logging
Anatsa

Yara Rules

[TLP:WHITE] apk_anatsa_w0 (20210914 | matches on dumped, decrypted V/DEX files of Teabot)

rule apk_anatsa_w0 {
    meta:
        author = "Thomas Barabosch, Telekom Security"
        version = "20210819"
        description = "matches on dumped, decrypted V/DEX files of Teabot"
        sample = "37be18494cd03ea70a1fdd6270cef6e3"
        source = "https://github.com/telekom-security/malware_analysis/tree/main/flubot"

        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/apk.anatsa"
        malpedia_version = "20210914"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $dex = "dex"
        $vdex = "vdex"
        $s1 = "ERR 404: Unsupported device"
        $s2 = "Opening inject"
        $s3 = "Prevented samsung power off"
        $s4 = "com.huawei.appmarket"
        $s5 = "kill_bot"
        $s6 = "kloger:"
        $s7 = "logged_sms"
        $s8 = "xiaomi_autostart"

    condition:
        ($dex at 0 or $vdex at 0)
        and 6 of ($s*)
}

Download all Yara Rules

Anatsa Propose Change

References

Yara Rules

Anatsa