TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps
An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming plus the abuse of Accessibility Services for remote interaction and key-logging," Cleafy researchers said in a report.
Also known by the name Anatsa, TeaBot first emerged in May 2021, camouflaging its malicious functions by posing as seemingly innocuous PDF document and QR code scanner apps that are distributed via the official Google Play Store instead of third-party app stores or fraudulent websites.
Then earlier this January, Bitdefender researchers identified TeaBot lurking in the official Android app marketplace as a "QR Code Reader - Scanner App," gaining more than 100,000 downloads within a span of a month before it was taken down.
The latest version of the TeaBot dropper, spotted by Cleafy on February 21, 2022, is also a QR code reader app, named "QR Code & Barcode - Scanner," which has been downloaded roughly 10,000 times from the Play Store.
Once installed, the modus operandi is the same: prompt users to accept a fake add-on update, which, in turn, leads to the installation of a second app hosted on GitHub that actually contains the TeaBot malware.
"In less than a year, the number of applications targeted by TeaBot have grown more than 500%, going from 60 targets to over 400," the researchers said, adding the malware now strikes several apps related to personal banking, insurance, crypto wallets, and crypto exchanges.
News URL
https://thehackernews.com/2022/03/teabot-android-banking-malware-spreads.html