Security News > 2022 > March > TeaBot Trojan Haunts Google Play Store, Again

The TeaBot banking trojan - also known as "Anatsa" - has been spotted on the Google Play store, researchers from Cleafy have discovered.

Hank Schless, senior manager of security solutions at Lookout, explained via email that attackers "Usually stick to utility apps like QR code scanners, flashlights, photo filters, or PDF scanners because these are apps that people download out of necessity and likely won't put as much time into looking at reviews that might impact their decision to download.".

In January, an app called QR Code Reader - Scanner App was distributing 17 different Teabot variants for a little over a month.

Google Play Protect, for example, helps root out malicious apps before they're installed and scans for evidence of misdoing on a daily basis.

The update is a second app containing a malicious payload. If the user gives their app permission to install software from an unknown source, the infection process begins.

"Real-time scanning of app downloads - even if the app doesn't originate from Google Play - would help to mitigate this issue," Shawn Smith, director of infrastructure at nVisium, told Threatpost on Wednesday via email, adding that "Additional warning messages when installing app add-ons that aren't on Google Play could be useful, too."

News URL

https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/