Threat Actors Blanket Androids with Flubot, Teabot Campaigns

2022-01-26 14:02

Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe.

Researchers from Bitdefender Labs said they have intercepted more than 100,000 malicious SMS messages trying to distribute Flubot malware since the beginning of December, according to a report published Wednesday.

This global fly-by aspect of the threat actors behind the trojans is evident in the most recent Flubot campaigns researchers observed, they said, with operators targeting different geographic zones for short periods of time - sometimes just for a few days, they wrote.

Flubot operators have picked up on this trick and are using a variation of it in one of the smishing campaigns observed, with users receiving an SMS message that asks, "Is this you in this video?" researchers wrote.

While investigating Flubot, researchers also discovered a Teabot variant being installed on devices without a malicious SMS being sent, they said.

Further investigation revealed a dropper application in Google Play Store named the "QR Code Reader - Scanner App" that's been distributing 17 different Teabot variants for a little over a month, researchers said.

News URL

https://threatpost.com/threat-actors-androids-flubot-teabot-campaigns/177991/

#android #threat