Google has confirmed that it has removed more apps from the Play Store after researchers discovered a dangerous malware targeting Android users.
Security company Zscaler reported that the malware, known as Anatsa or TeaBot, was hidden inside apps on the Play Store. The malware steals banking login details, tracks keystrokes, and enables fraudulent transactions.
According to Zscaler’s ThreatLabz team, the latest variant of Anatsa is targeting more than 831 financial institutions worldwide. Researchers identified and reported 77 malicious apps that had been downloaded over 19 million times before removal.
Google said it has deleted all reported apps from the Play Store and confirmed that Google Play Protect—which is on by default for most Android devices—was already blocking these threats. The company said no active versions of this malware remain on the Play Store.
However, security experts warn that the danger is not over. If users still have one of the deleted apps installed, the malware may still be active. Many of these apps disguised themselves as document readers or other simple tools before secretly downloading malicious software.
Zscaler explained that hackers used a “dropper” technique, where an innocent-looking app installs a hidden update from a remote server. This update then activates the malware while bypassing Play Store security checks.
Experts advise Android users to:
- Check installed apps and remove any that are no longer available on the Play Store.
- Review app permissions, especially accessibility services, to identify suspicious activity.
- Keep Google Play Protect enabled to block known threats.
Anatsa is only one of many malware threats reported to Google in recent months. While Google has removed all confirmed malicious apps, users must remain alert to avoid ongoing risks.
