New Android malware is masquerading as popular apps. Once installed, TeaBot uses special permissions to read text messages and screen content, and targets apps from more than 60 banks in Europe.
Banks mainly use ato secure payments. However, this method is considered insecure, and banks have until next year to switch to a enhanced, especially with a mobile application. A new sure take advantage of this deadline to target the bank accounts of Europeans.
TeaBot, also called Anatsa, was discovered by. The malware masquerades as others in order to trick users to install it, like TeaTV, VLC MediaPlayer, DHL, UPS and others, using similar technique as . This new , still in development, is currently targeting around sixty banks located in Europe, mainly in Spain, Italy, Belgium and the Netherlands. It is currently translated into six languages, including French.
A malware capable of taking control of the mobile
TeaBot tries to install itself as an Android service, which among other things allows it to hijack accessibility services in order to read and hide text messages containing one-time codes. It asks for permissions to observe your actions, retrieve content fromand perform arbitrary gestures. The malware is also able to steal the identifiers and numbers of bank cards by above bank applications. It records all keystrokes, takes and can take full control of the device.
This malware can be difficult to spot because it hides itself by making its icon disappear. TeaBot is not present on the Playfrom Google. However, one should not underestimate the phishing and social engineering techniques that can be used to trick users into downloading and uploading. .