New deletion warningNurPhoto via Getty ImagesGoogle has its finger on the delete button and thats a good thing. Twice in just a few days, security researchers have called out the speed with which Googles team removes threats from its Play Store. Yes, they should not have been there in the first place, but at least theyre now gone. But remember, you need to delete apps on your phone as well.A week ago, I reported on an extensive and sophisticated ad fraud scheme with more than 56 million downloads for 180 malicious apps. The research from IAS outed a dangerous new campaign mimicking legitimate apps in various popular categories document readers, flashlights, horoscopes. The team dubbed the attack Vapor, given its ability to 'evaporate any real functionality from apps, leaving just the intrusive ads.Users really do need to kill the habit of downloading these vacuous apps from little known developers. Googles Play Store purge last year, its raised thresholds and new app quality warnings will all help. But ultimately it needs a change in user behavior.Now Zscalers Threatlabz has outed another vacuous app doing significant harm and no good. A popular application in the Google Play Store, it says, with over 220,000 downloads that was actually a downloader for the Anatsa (aka TeaBot) Android banking trojan. The app was disguised as a file manager and document reader.I covered Anatsa almost exactly a year ago, when ThreatFabric warned the dropper was specifically targeting Samsung. The malicious AccessibilityService was tailored to interact with the UI elements of Samsung devices This suggests that the threat actors initially developed and tested their code exclusively for Samsung devices.At the time, the researchers warned there is potential for future adaptations to target other manufacturers, with other droppers that did not contain such manufacturer-specific code, posing a threat to all devices regardless of the vendor. That paints a good picture as to how calculating these attacks can be. And Anatsa is particularly nasty.As Zimperium explains, TeaBot is an Android banking trojan targeting the largest number of mobile financial institutions with more standard features. Once on a victims device, the trojan checks which applications are installed, and once a targeted banking app is discovered, it downloads a payload specifically for that app. TeaBot typically spreads through malicious apps or phishing campaigns.Suffice to say, its disappointing this is still tricking its way onto Play Store. Check for the app and delete it now if youre one of those 200,000 impacted users. And please be mindful of the apps you install, especially in these catnip categories.Also ensure Play Protect is enabled on your phone. Each time Google removes an app, it updates its defenses to ensure the specific threat cant be deployed again. Clearly those developing malware adapt their code to slip through the net, and thats what drives this endless game of cat and mouse with Google.