Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

Another Android trojan called TeaBot has been observed lurking on the Google Play Store in the form of an app named "QR Code Reader - Scanner App," attracting no fewer than 100,000 downloads while delivering 17 different variants of the malware between December 6, 2021, and January 17, 2022.
Bitdefender said it identified four more dropper apps - 2FA Authenticator, QR Scanner APK, QR Code Scan, and Smart Cleaner - that were available on the Play Store and had been distributing the TeaBot malware since at least April 2021.
Another technique of interest adopted by the operators is versioning: a benign version of an app is submitted to the app store to evade the review process put in place by Google, and the codebase is then replaced over time with additional malicious functionality through later updates.
The apps were programmed to download an "Update" and then prompt users to grant Accessibility Service privileges and permission to install apps from unknown third-party sources.
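A defender-side check for the versioning pattern described above, as an added example that is not from the original article or the researchers: it compares the decoded manifests of two releases of the same app and reports dropper-relevant capabilities that appear only in the later one. It assumes the manifests have already been decoded to text XML and that the later release declares these capabilities in its own manifest; the package name, service name and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission an app must declare before it can ask to install other APKs.
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
# Permission that protects a declared accessibility service.
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def risky_capabilities(manifest_xml):
    """Return dropper-relevant capabilities declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for perm in root.iter(tag):
            if perm.get(ANDROID_NS + "name") == INSTALL_PERM:
                found.add("install_unknown_apps")
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == A11Y_PERM:
            name = svc.get(ANDROID_NS + "name", "?")
            found.add("accessibility_service:" + name)
    return found


def capability_drift(old_manifest, new_manifest):
    """Capabilities present in the update but absent from the earlier release."""
    old, new = risky_capabilities(old_manifest), risky_capabilities(new_manifest)
    return sorted(new - old)


# Constructed sample: the release submitted for review only needs the camera.
V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner" android:versionCode="1">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

# Constructed sample: a later update adds sideloading and an accessibility service.
V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner" android:versionCode="7">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".UpdateService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for item in capability_drift(V1, V2):
        print("new in update:", item)
```

A non-empty result is a triage signal rather than a verdict, since legitimate apps also add these capabilities; it marks the update for closer review.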
While the huge nest of trojan apps has since been purged from the Play Store, the apps are still available on third-party app stores, once again underscoring the potential dangers of sideloading applications onto mobile devices.
"In addition to over 470 Android applications, the distribution of the applications was extremely well-planned, spreading their apps across multiple, varied categories, widening the range of potential victims," Zimperium researcher Aazim Yaswant said.
News URL: https://thehackernews.com/2022/01/widespread-flubot-and-teabot-malware.html