Security News > 2021 > May > TeaBot Trojan Targets Banks via Hijacked Android Handsets

Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices.

Once installed on a victim's device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."

Researchers from Cleafy's Threat Intelligence and Incident Response team detected TeaBot-which shares a number of features with other Android trojans-for the first time March 29 against banks in Italy, but the malware has since spread with "Injections against Belgium and Netherlands banks," according to the report.

Once digging deeper into the sample they examined, researchers found evidence that TeaBot targeted banks in Spain as early as January and also targeted German banks in March, they said.

While this behavior is similar to another Android banking trojan EventBot, TeaBot behaves differently in that it tracks only targeted apps, not all apps, like EventBot does, researchers noted.

While TeaBot appears to be localized "Within certain European countries for the time being," banks operating in the rest of the world should also be put on notice, as "Such attacks can quickly spread regionally and across the globe," observed one security expert.

News URL

https://threatpost.com/teabot-trojan-targets-banks-android/166075/