Researchers Warn Users of Android Malware TeaBot

07 Mar 2022

News Synopsis

Researchers warn that dangerous Android banking malware that steals users' credentials and SMS messages has been downloaded thousands of times via the Google Play store.

The malware, called TeaBot, first emerged in 2021 and was used to steal victims’ text messages. According to Cleafy, an online fraud management and prevention solution provider, it was distributed through smishing campaigns using a predefined list of lures such as TeaTV, VLC Media Player, DHL, UPS and others.

The researchers also revealed a major increase in targets, now counting 400 applications, including banks, crypto exchanges and digital insurance, along with new countries such as Russia, Hong Kong and the USA. TeaBot has also started supporting new languages, including Russian, Slovak and Mandarin Chinese.

On February 21, the Cleafy Threat Intelligence and Incident Response (TIR) team discovered a dropper application, published on the official Google Play store, that delivered TeaBot through a fake update procedure.

The team also reported that the dropper hides behind a common QR Code & Barcode Scanner app and has been downloaded more than 10,000 times. The app's reviews also present it as legitimate and well-functioning.

However, once downloaded, the dropper asks for an update through a popup message. The update requires users to download a second application, which is detected as TeaBot. TeaBot starts its installation process by requesting the ‘Accessibility Services’ permission to obtain the privileges it needs to steal users' data.