The notorious TeaBot Android banking trojan is reportedly making waves across the globe following a report from a cybersecurity firm.
Coming with a new set of upgrades, this malware is now spotted targeting more than 400 applications. Seemingly, the attackers shifted their focus on creating more chaos through "smishing."
What Are Smishing Attacks
According to a report by ZDNET, this kind of attack emphasizes attacking victims by sending spam text messages with malware. The attached links in the messages could come in many forms. It could deceive the users by pretending to be a legitimate financial firm, a social media company, or an e-commerce organization.
When the unaware user clicks the message, he/she will be directed to a suspicious website that could steal their sensitive personal information, including email address, bank account, address, password, and more.
Last year, the TeaBot malware first came out under the Toddler/Anatsa identity. It reportedly had 60 lures, including UPS, VLC Media Player, and other services.
In July 2021, PRODAFT researchers found out that this Android banking trojan had attacked European banks. The cybersecurity firm discovered that it successfully hit 18 financial institutions.
The report wrote that TeaBot infections only reached five firms under the previous list as of press time. This accounts for 90% of the damages it did in its latest campaign. The researchers also speculated that the attackers have finished deploying their phishing tactic through SMS.
Now that it is spreading globally, the Teabot malware is not only affecting the European region. It added a new set of countries in its list, including the United States, Hong Kong, and Russia. It's still expanding its reach outside banks such as insurance firms and crypto exchanges.
Related Article: New Android Banking Malware TeaBot Forces Victims to Provide Bank Account Permissions-Disguising as VLC Media Player
TeaBot Banking Trojan Invades Google Play Apps
In a separate report from Cleafy, a risk management company, the TeaBot malware has been invading Android repositories through the apps.
Last month, the firm was spotted to have infiltrated suspicious applications such as Barcode Scanner and QR Code Scanner. The malware planted a fake update to fool the users into thinking it was a legitimate app.
Moreover, TeaBot will ask permission for the user to download a secondary app. This application reportedly has a remote access trojan or RAT.
Upon installation, the banking trojan will perform keylogging and remote access hacking. Prior to that, it would first request permission for these activities.
To add, it can also capture screenshots of the device's screen so it could take away confidential information. The 2FA codes can also be stolen by doing this.
"Since the dropper application distributed on the official Google Play Store requests only a few permissions and the malicious app is downloaded at a later time, it is able to get confused among legitimate applications and it is almost undetectable by common AV solutions," Cleafy said in its report.
Last week, Tech Times reported that a new form of Android banking trojan had struck the Google Play Store once again. The Xenomorph malware resurfaced to infect more devices.
This article is owned by Tech Times
Written by Joseph Henry