Overview

• Zscaler’s ThreadLabz reported 77 Play Store listings to Google after documenting droppers that fetched or unpacked hidden payloads at runtime.
• Google removed the apps from the store, and reports say Play Protect can automatically purge some infections from devices.
• The latest Anatsa build expands its focus to about 831 institutions, including newly added targets in Germany and South Korea plus crypto platforms.
• Researchers say many lures topped 50,000 installs, with Joker present in roughly a quarter of the set and capable of reading messages, accessing contacts and enrolling paid services.
• Guidance for users stresses uninstalling suspicious titles, reviewing accessibility permissions and running a malware scan because store removal does not clean compromised phones.