loading…
A new malware called TeaBot infiltrated an app that was able to make it to the Google Play Store and be downloaded thousands of times. Photo: Ist
Trojan itself is malware that disguises itself as a specific application so that it can enter a cellphone, computer or website. According to Cleafy’s records, TeaBot was able to steal credentials and SMS messages.
Initially, the hackers spread the TeaBot through what is known as “smishing” activity. Smishing is the practice of sending texts from trusted sources asking for personal information, such as passwords and credit card numbers. But, now the TeaBot trojan is developing more sophisticated and aggressive.
The Cleafy Threat Intelligence and Incident Response (TIR) team in February discovered an application published on the official Google Play Store that turned out to be infiltrated by the TeaBot malware. The malware hides in an application called QR Code & Barcode – Scanner.
As of March 1, at least 10,000 Android users have downloaded the app. Even worse, Cleafy notes that the app has plenty of five-star reviews that show it’s legit and good.
However, after you download the QR Code & Barcode – Scanner, the application immediately asks for an update or update. Uniquely, the application update is also done via Google Play.
Well, after you install the update, the hacker will install a second app on your phone.
The app is disguised as QR Code Scanner: Add-On. But, it’s actually the TeaBot banking trojan.
TeaBot then starts the installation process on your phone by asking for Accessibility Services permission. If you give this permission, TeaBot can do things like view and control the screen.
