Security researchers have discovered a new Android malware that, once installed on the victim’s device, allows the threat actors behind it to obtain a live stream of the device’s screen and interact with it through its Accessibility Services.
Cleafy’s Threat Intelligence and Incident Response unit discovered the Android malware known as “Teabot”.
It is used to steal users’ passwords and SMS messages in order to carry out fraudulent operations against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
The Android malware was discovered in January and allowed fraud against more than 60 banks across Europe, according to the researchers.
By March 29, Cleafy analysts had discovered the trojan being used against Italian banks, and by May, it had spread to Belgium and the Netherlands.
According to the researchers, the Teabot Android trojan is still in development; it initially targeted Spanish banks before expanding to Germany and Italy.
Spanish, English, Italian, German, French, and Dutch are among the languages supported by the malware at the moment.
The app was originally known as TeaTV, but it has since been renamed “VLC MediaPlayer,” “Mobdro,” “DHL,” “UPS,” and “bpost.”
According to the Cleafy report, the malicious app attempts to install itself on the device as an “Android Service,” an application component that can perform long-running operations in the background.
TeaBot takes advantage of this functionality to hide from the user after installation in order to avoid detection and ensure its persistence.

After installation, TeaBot can request Android permissions to monitor the user’s actions, retrieve window information, and perform arbitrary gestures.
Once the permissions are granted, the app removes its icon from the device.
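For defenders triaging a sideloaded APK, the capabilities described above can be checked statically. The following is an added example, not code from Cleafy's report: it assumes the APK's XML has already been decoded to text, uses the standard Android permission and accessibility-config attribute names (not listed on this page), and the "high risk" rule is an illustrative heuristic.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage(manifest_xml, a11y_config_xml=None):
    """Return the set of capability flags found in a decoded APK's XML."""
    flags = set()
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if requested & SMS_PERMS:
        flags.add("sms-access")
    for svc in root.iter("service"):
        # An accessibility service is declared with this bind permission.
        if svc.get(ANDROID + "permission") == BIND_A11Y:
            flags.add("accessibility-service")
    if a11y_config_xml and "accessibility-service" in flags:
        cfg = ET.fromstring(a11y_config_xml)
        if cfg.get(ANDROID + "canRetrieveWindowContent") == "true":
            flags.add("reads-window-content")
        if cfg.get(ANDROID + "canPerformGestures") == "true":
            flags.add("performs-gestures")
    return flags

def is_high_risk(flags):
    # Heuristic (assumption): screen reading + gesture injection + SMS access.
    return {"accessibility-service", "reads-window-content",
            "performs-gestures", "sms-access"} <= flags

# Constructed sample input, not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.player">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""
SAMPLE_CONFIG = """<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"
  android:canRetrieveWindowContent="true" android:canPerformGestures="true"/>"""

if __name__ == "__main__":
    found = triage(SAMPLE_MANIFEST, SAMPLE_CONFIG)
    print(sorted(found), "high risk:", is_high_risk(found))
```

Legitimate assistive apps also declare accessibility services, so a match is a prompt for manual review rather than a verdict, particularly for packages installed from outside Google Play.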

According to Saumitra Das, CTO of cybersecurity firm Blue Hexagon, Teabot represents a change in mobile malware from a niche problem to a mainstream issue, similar to malware on traditional endpoints.
Even though the apps are not available on Google Play, the phishing/social engineering techniques used by the Teabot/Flubot actors are as good as any threat family on the PC side, as they can acquire a large threat base in a short period of time.