Android banking malware TeaBot exploited in the wild

Security researchers have discovered a new Android malware that, once installed on the victim’s device, allows the threat actors behind it to obtain a live stream of the device’s screen and interact with it through its Accessibility Services.

 

Cleafy’s Threat Intelligence and Incident Response unit discovered the Android malware known as “Teabot”.

 

It is used to steal users’ passwords and SMS messages in order to carry out fraudulent operations against banks in Spain, Germany, Italy, Belgium, and the Netherlands.

 

The Android malware was discovered in January and allowed fraud against more than 60 banks across Europe, according to the researchers.

 

By March 29, Cleafy analysts had discovered the trojan being used against Italian banks, and by May, it had spread to Belgium and the Netherlands.

 

The Teabot Android trojan is still in development, according to the researchers, and initially targeted Spanish banks before expanding to Germany and Italy.

 

Spanish, English, Italian, German, French, and Dutch are among the languages supported by the malware at the moment.

 

The app was originally known as TeaTV, but it has since been renamed “VLC MediaPlayer,” “Mobdro,” “DHL,” “UPS,” and “bpost.”

 

According to the Cleafy report, the malicious app attempts to install itself on the system as an “Android Service,” an application component that can perform long-running operations in the background.

 

TeaBot takes advantage of this functionality to hide from the user after installation in order to avoid detection and ensure its persistence.

 

Source: Cleafy (Example of bank credential stolen by TeaBot)

 

TeaBot can request Android permissions to monitor your behavior, retrieve window information, and execute arbitrary gestures after being installed.

 

Once the permissions are granted, the app removes its icon from the device.

 

Source: Cleafy (Screenshots taken during the installation phase of TeaBot)
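
The capability combination described above (an Accessibility Service that can retrieve window content and perform gestures, alongside SMS access) can be checked statically during app triage. The following is an added example, not code from the article or the Cleafy report; it assumes the manifest and accessibility config have already been decoded to text XML (for example with apktool), and the sample XML and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}

# Constructed samples for illustration; not taken from TeaBot or the Cleafy report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/helper_config"/>
    </service>
  </application>
</manifest>"""
SAMPLE_A11Y_CONFIG = """<accessibility-service
  xmlns:android="http://schemas.android.com/apk/res/android"
  android:accessibilityEventTypes="typeAllMask"
  android:canRetrieveWindowContent="true"
  android:canPerformGestures="true"/>"""

def triage(manifest_xml, a11y_config_xml=None):
    """Return sorted capability flags found in decoded manifest/config XML."""
    flags = set()
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    if perms & SMS_PERMS:
        flags.add("sms_access")
    if any(s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
           for s in root.iter("service")):
        flags.add("accessibility_service")
    if a11y_config_xml and "accessibility_service" in flags:
        cfg = ET.fromstring(a11y_config_xml)
        if cfg.get(A + "canRetrieveWindowContent") == "true":
            flags.add("reads_window_content")   # "retrieve window information"
        if cfg.get(A + "canPerformGestures") == "true":
            flags.add("performs_gestures")      # "execute arbitrary gestures"
    return sorted(flags)

def needs_review(flags):
    """Screen reading plus gesture injection plus SMS access warrants manual review."""
    return {"reads_window_content", "performs_gestures", "sms_access"} <= set(flags)

if __name__ == "__main__":
    found = triage(SAMPLE_MANIFEST, SAMPLE_A11Y_CONFIG)
    print(found, "review:", needs_review(found))
```

Legitimate accessibility tools also declare some of these capabilities, so the flags are a prompt for manual review rather than a verdict.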

 

According to Saumitra Das, CTO of cybersecurity firm Blue Hexagon, Teabot represents a change in mobile malware from a niche problem to a mainstream issue, similar to malware on traditional endpoints.

 

Even though the apps are not available on Google Play, the phishing/social engineering techniques used by the Teabot/Flubot actors are as good as any threat family on the PC side, as they can acquire a large threat base in a short period of time.