Beware of This Malicious Android App That Can Steal Your Data!

While the Google Play Store is home to millions of useful Android apps and games, it also hosts malicious apps that pose a privacy threat to users. A new malicious app has now been discovered that can carry a banking trojan dubbed “TeaBot,” designed to steal sensitive user data like passwords, bank credentials, and text messages on your Android phone. Let’s take a closer look at the details below.

TeaBot Banking Trojan Discovered in QR Code App

The TeaBot banking trojan, also known as Toddler and Anatsa, was first discovered back in May 2021. At that time, it targeted European banks and stole two-factor authentication (2FA) codes sent by text messages. However, a report from malware and online fraud prevention platform Cleafy now states that the malware has evolved and is now being used to target users in Russia, Hong Kong, and the USA.

As per the report, the Android app named “QR Code & Barcode – Scanner” was the latest TeaBot-laden app in the Google Play Store that had more than 10,000 downloads. While the app looked legitimate at first glance, it asked for permission to download a second application, “QR Coder Scanner: Add On”, which included the TeaBot samples.

Once the second app was installed, it asked for permissions to view and control the device’s screen to gain sensitive user data such as SMS, login credentials, and 2FA codes. Moreover, the trojan also recorded keyboard entries of the user, much like other banking malware, to retrieve sensitive information.

As the QR Code & Barcode – Scanner app looked legitimate, most of the user reviews were positive. Additionally, the app downloaded the TeaBot trojan as an in-app update, and hence, remained “almost undetectable” by many antivirus solutions for Android.

“Since the dropper application distributed on the official Google Play Store requests only a few permissions and the malicious app is downloaded at a later time, it is able to get confused among legitimate applications and it is almost undetectable by common antivirus solutions,” the Cleafy researchers wrote in the report.

Previously, the TeaBot trojan was distributed via SMS phishing campaigns that lured users with popular Android apps such as VLC Media Player, TeaTV, DHL, or UPS. These apps acted as a “dropper” for the malicious TeaBot trojan, which means that they appeared to be legitimate apps but delivered a second-stage malicious payload that installed TeaBot on users’ devices.

While the QR Code & Barcode – Scanner has already been removed from the Play Store by Google, Cleafy mentions that TeaBot is now targeting 400+ Android apps. These include crypto wallets, insurance apps, and home banking apps. So, if you are an Android user, especially in Hong Kong, Russia, or the USA, beware of the TeaBot trojan in the Google Play Store!

Dwaipayan Sengupta

A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.
