A security firm reported that a malicious app that was downloaded more than 10,000 times installed a remote access trojan that stole users' passwords, text messages, and other confidential data.
The TeaBot and Anatsa was discovered in May of last year. It used streaming software and abused accessibility services in a way that allowed the malware creators to remotely view the screens of infected devices and interact with the operations the devices carried out. TeaBot was programmed to steal data from about 60 banks around the world.
Cleafy reported that TeaBot was back. The malicious app called QR Code & Barcode Scanner allowed users to interact with barcodes, which was the reason for the name. The app had more than 10,000 installs before Cleafy researchers noticed the fraudulent activity.
One of the biggest differences is compared to the samples discovered... In less than a year, the number of applications targeted by TeaBot have grown.
TeaBot started supporting new languages in recent months, including Russian, Slovak, and Mandarin Chinese. The fraudulent app that was distributed on Play was found to be malicious by only two antimalware services. TeaBot was portrayed as legitimate and well- functioning by all of the reviews, making it harder for less experienced people to recognize it as a risk.
AdvertisementA pop-up informed users that an update was available after they installed the malicious app. The pop-up downloaded the update from two specific repositories created by a user named feleanicusor. TeaBot was installed by the two repositories.
The TeaBot authors have developed an infection chain.
Cleafy researchers wrote.
Once the users accept to download and execute the fake “update”, TeaBot will start its installation process by requesting the Accessibility Services permissions in order to obtain the privileges needed:
- View and control screen: used for retrieving sensitive information such as login credentials, SMS, 2FA codes from the device’s screen.
- View and perform actions: used for accepting different kinds of permissions, immediately after the installation phase, and for performing malicious actions on the infected device.
TeaBot is one of the latest pieces of malicious software to be found in the official app market. The company is usually quick to remove malicious apps once they are reported, but it continues to struggle to identify them on its own. The email seeking comment for this post was not responded to by the representatives from the company.
Cleafy has a list of indicators that people can use to determine if they installed a malicious app.
The image is listed by the company.
All Rights Reserved © 2024
