A malicious application posing as a document reader has been downloaded over 100,000 times and installs the Anatsa banking trojan on Android devices. This app has bypassed Google's security checks and remains available on the Play Store. The Anatsa Trojan is designed to steal sensitive financial information by monitoring users' banking apps and intercepting login processes through a fake overlay that mimics legitimate interfaces. It requests extensive permissions, allowing it to observe screens, capture keystrokes, and interact with the device. Users are advised to review installed applications and monitor bank statements for unauthorized activity.