New Android Banking Malware TeaBot Forces Victims to Provide Bank Account Permissions—Disguising as VLC Media Player

Security researchers discovered a new Android banking malware called TeaBot. They claimed that this new trojan can steal users' bank credentials in order to take their funds.


According to the cybersecurity researchers involved, the new Android banking malware was disclosed on Monday, May 10. They explained that hackers can use this new trojan to hijack users' credentials and SMS messages.

Once the cybercriminals successfully do this, they can conduct malicious activities against banks in Germany, Italy, Belgium, the Netherlands, and Spain. Aside from this, the security experts claimed that the new TeaBot malware is still in its early stages of development.

This means that the trojan could be more dangerous if it is not neutralized as soon as possible.

The hackers behind the new malware started to conduct malicious activities back in late March. After that, in the first week of May, they attacked some of the financial apps of banks in Belgium and the Netherlands.

How TeaBot Malware Works

According to The Hacker News' latest report, the new trojan was first spotted back in January.


"The main goal of TeaBot is stealing victim's credentials and SMS messages for enabling fraud scenarios against a predefined list of banks," said Cleafy, an Italian cybersecurity and online fraud prevention firm.

"Once TeaBot is successfully installed in the victim's device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services," the security company added.

Aside from this, the security firm Cleafy also confirmed that the rogue Android malware disguises itself as package delivery and media services. These include TeaTV, DHL, UPS, VLC Media Player, and more.

On the other hand, experts also concluded that once the hackers successfully exploit the new malware, they can load a second-stage payload and force their victims to provide bank account permissions.

Other Details of the New Malware

Cleafy's official website also provided the exact methods used by the new malware. Here are some of them:

  • The malicious application acts as a dropper and dynamically loads a 2nd stage (.dex) where all the malicious code resides
  • Network communications are partially encrypted using the XOR algorithm
  • Usage of "Junk Code"
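The traits reported above (SMS theft, control through Accessibility Services, and posing as VLC) leave traces that a defender can check in an app's decoded AndroidManifest.xml. The following is an added triage example, not code from Cleafy or TechTimes; the sample manifest, the `KNOWN_BRANDS` table and the function names are constructed for illustration, and the app label is assumed to be already resolved to plain text.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
# Assumption: analyst-maintained map of brand keyword -> legitimate package id.
KNOWN_BRANDS = {"vlc": "org.videolan.vlc"}

# Constructed sample: a decoded manifest (e.g. apktool output) of a fake "VLC" app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="VLC MediaPlayer">
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a list of (finding, details) tuples for one decoded manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings = []
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    sms = sorted(perms & SMS_PERMS)
    if sms:
        findings.append(("sms_access", sms))
    # A service guarded by this permission is an accessibility service.
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"]
    if a11y:
        findings.append(("accessibility_service", a11y))
    app = root.find("application")
    label = (app.get(A + "label") or "") if app is not None else ""
    for brand, real_pkg in KNOWN_BRANDS.items():
        if brand in label.lower() and package != real_pkg:
            findings.append(("brand_mismatch", [label, package]))
    return findings

def is_suspicious(findings):
    """SMS access combined with an accessibility service warrants manual review."""
    kinds = {kind for kind, _ in findings}
    return {"sms_access", "accessibility_service"} <= kinds

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE):
        print(finding)
```

Legitimate apps also use these permissions, so a hit is a reason for manual review, not a verdict.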


This article is owned by TechTimes

Written by: Griffin Davis
