You Think That File Reader App Safe? Maybe Not. Anatsa Trojan Strikes Again

Published: August 19, 2025 on our newsletter Security Fraud News & Alerts Newsletter.

Imagine this scenario: you’re trying to open a PDF on your phone, so you head to the Google Play Store and download something called “Document Viewer — File Reader.” Seems harmless. It’s got good reviews, thousands of downloads, and it does what it says. But according to a July 2025 alert from cybersecurity firm ThreatFabric, this innocent-looking app is actually a front for Anatsa, one of the most dangerous banking trojans making the rounds right now.

Here’s how it works. The app itself is clean—at first. That’s how it slips through Google’s security screening. But once you install it, it quietly downloads the real malware in the background.

Anatsa specializes in overlay attacks. It monitors which apps you’re using and, when you open your banking app, it throws up a fake login screen that looks exactly like the real thing. You enter your credentials, thinking you’re logging in as usual. But in reality, you’re handing them over to thieves who are already lining up your money for withdrawal.

Even worse? People are sideloading these malicious apps from sketchy third-party websites, bypassing even Google’s modest defenses. Let’s be clear: Don’t sideload apps unless you absolutely trust the source. It’s like picking up a USB drive off the street and plugging it into your computer—bad idea. You never know where it has been.

How to Stay Safe:

• Delete “Document Viewer — File Reader” immediately if it’s on your phone.

• Avoid apps that ask for overlay, accessibility, or other excessive permissions unless you understand why it needs them.

• Don’t sideload apps from outside the Play Store—no matter how tempting it looks.

• Turn on Google Play Protect and keep your phone’s operating system and other software updated.

• That “file reader” you downloaded to make life easier? It might just be reading your banking credentials—and forwarding them to someone overseas. Stay alert, stay skeptical, and don’t blindly trust everything that comes with five stars.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com