New Delhi: Researchers have cautioned that a dangerous piece of Android banking malware that steals victims’ passwords and SMS messages has been downloaded thousands of times from the Google Play Store.
Known as “TeaBot,” it is an Android banking malware that first appeared in early 2021 with the aim of collecting victims’ text messages.
According to online fraud management and prevention solution company Cleafy, TeaBot was initially propagated through smishing campaigns utilizing a predetermined list of lures, such as TeaTV, VLC Media Player, DHL, UPS, and others.
“In recent months, we have detected a major increase in targets, which now number more than 400 applications, including banks, crypto exchanges, wallets, and digital insurance, and new countries such as Russia, Hong Kong, and the US,” the researchers explained.
TeaBot has also begun to support new languages in recent months, such as Russian, Slovak, and Mandarin Chinese, which are used to show customized messages during the installation steps.
The Cleafy Threat Intelligence and Incident Response (TIR) team found an application on the official Google Play Store on February 21 that was working as a dropper application, distributing TeaBot with a bogus update mechanism.
“The dropper lies behind a common QR Code and Barcode Scanner, and it has been downloaded more than 10,000 times. All the reviews display the app as legitimate and well-functioning,” according to the team.
However, once installed, the dropper will prompt you for an update through a popup message.
Unlike legitimate apps, which install updates from the Google Play Store, the dropper app will ask you to install a second application.
That second application has been identified as TeaBot.
The TeaBot app, distributed under the name “QR Code Scanner: Add-On,” is retrieved from two GitHub sources.
After users agree to install and run the bogus “update,” TeaBot begins its installation procedure by requesting “Accessibility Services” permissions to obtain the rights it requires.
The rise in targeted apps, which now include home banking applications, insurance applications, crypto wallets, and crypto exchanges, is one of the most notable changes compared to the samples identified in May 2021.
“In less than a year, the number of applications targeted by TeaBot has grown by more than 500 percent, from 60 targets to over 400,” the researchers noted.
Google Play has yet to respond to the news.