New malware targeting Android banking apps makes the rounds in Europe / digital information world
Android is once again the target of a new Trojan horse. This malware has the ability to steal user credentials as well as SMS messages to pave the way for fraudulent activity against banks in Italy, Belgium, Spain, Germany and the Netherlands. The malware has been dubbed Teabot and is believed to be in its early stages of development.
TeaBot-related activity has been known since January, but more malicious attacks targeting financial apps started at the end of March 2021. And in the first week of May, more serious attacks were targeted against banks from the Netherlands to Belgium.
Italian online fraud and cybersecurity company Cleafy said Teabot’s main goal is to steal victim’s SMS messages and credentials to enable fraud scenarios against a bank list predefined. They further stated that once the TeaBot is installed in the victim’s device, attackers can easily get a live broadcast of the victim’s device screen on demand and can also interact with it via accessibility services. The installed malware containing application copy packaging and media delivery services such as VLC Media Player, TeaTv, UPS and DHL. The malware acts like a dropper and loads a second stage payload that forces the victim to grant them access to the accessibility service. After that, all the security functions of the victim’s mobile phone are disabled by the TeaBot. The system malware prevents access to gain real-time interaction with the attacked device and allows the hacker to record all keystrokes while taking a screenshot and injecting malicious overlays on top of it. the login screen on the cooking applications. In this way, all the information related to the victim’s credit card can be extracted.
Not only that, but TeaBot can also deactivate Google Play, Google Protect, intercept its path in SMS messages and gain access to Google authentication codes. The data it collects is then transferred to the attacker through a remote server every 10 seconds. Recently, there has been an increase in Android malware that uses accessibility services as a mode of data theft. Likewise, TeaBot uses the same decoy tactics as FluBot and presents itself as a harmless expedition app through which it tries to stay under the radar. As a result of the increase in FluBot infections, the UK and Germany issued alerts last month to warn their populations of ongoing attacks using SMS messages to trick users into installing spyware that feeds sensitive data, including passwords.
Read More: AV Test Reveals Best Antivirus Software For Android, Surprisingly Third-Party Tools Work Too Well Compared To Google’s Security System