New Android malware is masquerading as popular apps. Once installed, TeaBot uses special permissions to read text messages and screen content, and targets apps from more than 60 banks in Europe.
Banks mainly use a unique code sent by SMS to secure payments. However, this method is considered insecure, and banks have until next year to switch to a authentication enhanced, especially with a mobile application. A new malware sure Android take advantage of this deadline to target the bank accounts of Europeans.
TeaBot, also called Anatsa, was discovered by the cybersecurity company Cleafy. The malware masquerades as others applications in order to trick users to install it, like TeaTV, VLC MediaPlayer, DHL, UPS and others, using similar technique as FluBot. This new virus, still in development, is currently targeting around sixty banks located in Europe, mainly in Spain, Italy, Belgium and the Netherlands. It is currently translated into six languages, including French.
A malware capable of taking control of the mobile
TeaBot tries to install itself as an Android service, which among other things allows it to hijack accessibility services in order to read and hide text messages containing one-time codes. It asks for permissions to observe your actions, retrieve content from Windows and perform arbitrary gestures. The malware is also able to steal the identifiers and numbers of bank cards by overlaying a fake page above bank applications. It records all keystrokes, takes screenshot and can take full control of the device.
This malware can be difficult to spot because it hides itself by making its icon disappear. TeaBot is not present on the Play Store from Google. However, one should not underestimate the phishing and social engineering techniques that can be used to trick users into downloading and uploading. install your APK file.
Interested in what you just read?