· 351
Wajdi Alkayal Wajdi Alkayal

The TeaBot banking trojan: A data theft app found on google play is downloaded thousands of times.

Data theft relates to an unauthorized person gaining access to your laptop and stealing information, accessing email accounts or computer networks, and sending an email with personal data to the wrong person. It’s also known as information theft. This could include illegal transfer or storage of personal, confidential, or financial information such as passwords, software code, or algorithms. It is growing day by day. Data theft also refers to cybercrime.

Now it is found that the data-stealing app, Teabot found on the Google play store is downloaded more than 10,000 times. A notorious Android banking trojan designed to steal user data, like passwords and text messages, has been discovered on Google Play.  And to make matters worse the android trojan has been downloaded thousands of times. Data stealing apps like Trojans and Malware apps re been used frequently since the pandemic.


A new Data Stealing app on Google Play:

The TeaBot banking trojan was first observed in 2021targeting European banks by stealing two-factor authentication codes sent by text message. It’s also known as Anatsa and Toddler.

‘An online fraud management and prevention solution, present malware scams evolved to disturb Russia, Hong Kong, and the United States via a second-stage malicious payload’ says a new report by Cleafy. It says that the malware was previously distributed through SMS-based phishing campaigns using a number of common apps as lures, such as TeaTV, VLC Media Player, and shipping apps like DHL and UPS.

Researchers say that the malicious Google Play app was acting as a “dropper”, that delivered TeaBot by way of a fake in-app update. Droppers are apps that appear legitimate, but in fact, deliver a second-stage malicious payload.

When you download the QR Code & Barcode Scanner app it looks and feels 100% legit. But when you start using it immediately request permission to download a second application. As the QR code & Barcode Scanner app offers the promised functionality, nearly all of the app’s reviews are positive.

The QR Code & Barcode Scanner immediately requests permission to download a second application, “QR Code Scanner: Add-On,” which includes multiple TeaBot samples. Once installed, TeaBot asks for permissions to view and control the device’s screen to retrieve sensitive information such as login credentials, SMS messages, and two-factor codes.

It also abuses Android’s accessibility service, similar to other malicious Android apps, to request permissions that allow the malware to record keyboard entries.

Cleafy warns that when the official Google Play Store requests only permission and the malicious app is downloaded at a later time here the dropper application is distributed. It is able to get mask itself as a legitimate application and it is almost undetectable by common antivirus solutions.

Cleafy says TeaBot is now targeting over 400 applications, including home banking apps, insurance apps, crypto wallets, and crypto exchanges, an increase in more than 500% in attacks in less than a year. But now this app is removed from google play.

It is recommended that you steer clear of apps that behave in a similar manner. It is vital that you protect yourself and your info.

Related Posts
Graphic design
09 June
The Power of Email Marketing
03 June
01 June

WMK Tech Copyright © 2024. All rights reserved