Security News > 2021 > May > Experts warn of a new Android banking trojan stealing users' credentials

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.

Called "TeaBot", the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgium and Netherlands banks.

"The main goal of TeaBot is stealing victim's credentials and SMS messages for enabling frauds scenarios against a predefined list of banks," Italian cybersecurity and online fraud prevention firm Cleafy said in a Monday write-up.

"Once TeaBot is successfully installed in the victim's device, attackers can obtain a live streaming of the device screen and also interact with it via Accessibility Services."

In the last link of the attack chain, TeaBot exploits the access to achieve real-time interaction with the compromised device, enabling the adversary to record keystrokes, in addition to taking screenshots and injecting malicious overlays on top of login screens of banking apps to steal credentials and credit card information.

The heightened FluBot infections prompted Germany and the U.K. to issue alerts last month warning of ongoing attacks via fraudulent SMS messages that trick users into installing "Spyware that steals passwords and other sensitive data."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/JVQhnmPaFWw/experts-warn-of-new-android-banking.html