Security researchers have issued a cautionary alert regarding a perilous Android banking malware, known as ‘TeaBot,’ capable of pilfering users’ credentials and SMS messages. The malware has been disseminated through the Google Play Store, potentially impacting thousands of users.
Emergence and Distribution
TeaBot, an Android banking trojan, surfaced in early 2021 with the primary objective of stealing text messages from victims. Initially it was propagated via smishing campaigns that used lures such as TeaTV, VLC Media Player, DHL, and UPS. According to Cleafy, an online fraud management and prevention solution provider, the malware’s target list has expanded significantly over time and now covers more than 400 applications, including banks, crypto exchanges/wallets, and digital insurance providers. TeaBot has also extended its reach to new regions such as Russia, Hong Kong, and the US.
Evolution and Tactics
In recent months, TeaBot has undergone enhancements, including support for additional languages like Russian, Slovak, and Mandarin Chinese, facilitating customized messages during installation. On February 21, the Cleafy Threat Intelligence and Incident Response (TIR) team identified a dropper application on the official Google Play Store, masquerading as a QR Code & Barcode Scanner. This app, downloaded over 10,000 times, deployed a deceptive update mechanism to deliver TeaBot.
Modus Operandi and Deception
Upon installation, the dropper immediately displays a popup requesting an update, unlike legitimate apps, which receive updates through the Google Play Store. Users are coerced into downloading and installing a second application, disguised as “QR Code Scanner: Add-On,” fetched from specific GitHub repositories. TeaBot then begins its installation process, requesting ‘Accessibility Services’ permission to obtain the privileges it needs.
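The two traits described above, an app that can install a second APK outside the Play Store and a payload that binds an Accessibility Service, are both visible in a decoded AndroidManifest.xml. The following triage script is an added example and not code from the article or from Cleafy; it flags those two indicators in constructed sample manifests (the package names and service names are invented for illustration).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"   # required to sideload an APK
ACCESS_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"  # declared by accessibility services


def manifest_indicators(manifest_xml: str) -> set:
    """Return the set of dropper/abuse indicators a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if INSTALL_PERM in perms:
        found.add("sideload-capable")  # the app can stage and install a second APK itself
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == ACCESS_BIND:
            found.add("accessibility-service")  # the app will ask for Accessibility access
    return found


# Constructed sample: a QR scanner that only needs the camera
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

# Constructed sample: a "scanner" that can install packages and binds an accessibility service
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner.addon">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in [("benign", BENIGN_MANIFEST), ("suspect", SUSPECT_MANIFEST)]:
        print(name, sorted(manifest_indicators(xml)) or ["none"])
```

A scanner app has no reason to declare either capability, so either indicator on such an app is worth a closer look before installation.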
Escalation of Targets
TeaBot’s recent iterations have broadened its scope of targeted applications, now encompassing home banking apps, insurance providers, crypto wallets, and exchanges. The proliferation of targets has witnessed a staggering surge, surpassing 500%, from 60 to over 400 applications within a span of less than a year.
Response from Google Play
As of the latest update, Google Play has yet to provide a response or comment on the reported infiltration of TeaBot and its associated dropper applications.
Amidst the escalating threat posed by such malware, users are advised to exercise caution while downloading applications, especially from unofficial sources, and remain vigilant against suspicious update requests or installation prompts.
Jade Simon