Dangerous Android banking malware found in Google Play Store

Dangerous Android banking malware that steals victims’ credentials and text messages has been downloaded thousands of times through Google Play Store, researchers have warned.

Called “TeaBot”, it is an Android banking Trojan that first appeared in early 2021 and is designed to steal victims’ text messages.

Initially, TeaBot was distributed via smishing campaigns using a predefined list of decoys, such as TeaTV, VLC Media Player, DHL, UPS and others, according to Cleafy, an online fraud prevention and management solutions provider.

“Over the past few months, we have detected a significant increase in targets which now have over 400 applications, including exchanges/wallets and digital insurance, and new countries such as Russia, Hong Kong and the United States,” the researchers said.

Over the past few months, TeaBot has also started supporting new languages, such as Russian, Slovak, and Mandarin Chinese, useful for displaying custom messages during installation phases.

On February 21, the Cleafy Threat Intelligence and Incident Response (TIR) team discovered an app published on the official Google Play Store, which acted as a dropper app delivering TeaBot with a fake update procedure.

“The dropper sits behind a common QR Code & Barcode Scanner and it has been downloaded over 10,000 times. All reviews show the app as legit and working well,” the team noted.

However, once downloaded, the dropper will request an update immediately via a pop-up message.

Unlike legitimate apps, which update through the official Google Play Store, the dropper app requires the user to download and install a second app.

This application has been detected as TeaBot.

TeaBot, masquerading as “QR Code Scanner: Add-On”, is downloaded from two specific GitHub repositories.

Once users agree to download and run the fake “update”, TeaBot will begin its installation process by requesting “Accessibility Services” permissions in order to gain the necessary privileges.

One of the biggest differences, compared to the samples discovered in May 2021, is the increase in targeted apps which now include home banking apps, insurance apps, crypto wallets and crypto exchanges.

“In less than a year, the number of applications targeted by TeaBot has increased by over 500%, from 60 targets to over 400,” the team said.

Google Play has yet to comment on the report.
