A Google Play app that has been downloaded over 10,000 times is reportedly responsible for spreading a remote access trojan (RAT).
This trojan, as per Ars Technica, goes by two names: Teabot and Anatsa. According to analysis, it allows cybercriminals using it to steal user passwords, text messages, and almost any other type of sensitive data that could be exploited for financial gain.
Teabot first popped up in May 2021 as an Android banking trojan. In an article by Cleafy, it was said to be designed to steal victims' credentials and SMS messages, which it achieves by using the affected device's live-streaming capabilities, requested on demand.
Once hackers take control, they are able to perform a maneuver called an Account Takeover directly from the affected phone, which is also called On-Device Fraud. It was reportedly first distributed via apps called TeaTV, DHL, UPS, and even VLC Media Player.
Many of the Google Play app trojan's initial victims were located in major countries all over the world, including Russia, the United States, and the UK, among others. It was targeting the likes of banks, crypto wallets, and digital insurance.
These institutions seem to have been targeted as early as January and July of last year, when Cleafy identified Teabot as the Android malware targeting banks in Europe. It wasn't detailed how much money the hackers are stealing from the scheme (or whether they even got to steal any), but it's still a major cybersecurity threat nonetheless.
Initially, the app somehow dropped off the radar. But now it is back, masquerading as a QR code app called QR Code & Barcode - Scanner, writes Bleeping Computer. So if you're looking for a QR code app, beware of this app's name and avoid it like the plague, more so if you do much of your banking from your Android phone.
Where Did This Google Play Trojan Come From?
As of late, nobody knows. But it's far from the only one to come out recently that does what it does, and that's for certain.
Back in February, another Android malware also posing as legitimate apps was detected. Called the Joker malware, this malware was detected in a total of 14 Android apps, as per Kaspersky analyst Tatyana Shishkova. It also reportedly steals money from its victims right under their noses.
How To Protect Against Android Malware
Fortunately, it is not that hard to protect your phone from any malware posing as Google Play apps. All you need to know is how to spot these fake apps before you unknowingly install them on your phone.
One of the best methods for spotting these fake apps, according to Kaspersky, is to read through the permissions that the app requires. Check whether the permissions match the app's purpose (e.g. a camera app that requires access to your contacts is suspicious). You can also check the app's reviews for any sign of irregularity or major problems.
Lastly, just be vigilant and only download apps from trusted, verified sources. Avoid downloading from third-party marketplaces as much as you can, and stay away from "free antivirus trials" which say that your phone is already infected with malware and offer to "clean it."
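The permission check described above can also be run against an app's manifest before it is installed. The following is an added example, not code from Kaspersky or the original article: it assumes a text `AndroidManifest.xml` (as produced by a decoder such as apktool), and the `EXPECTED` baseline, the `review` helper and the sample manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed baseline (hypothetical): what a reviewer would expect per app purpose.
EXPECTED = {
    "qr_scanner": {P + "CAMERA", P + "INTERNET", P + "VIBRATE"},
    "camera": {P + "CAMERA", P + "RECORD_AUDIO", P + "WRITE_EXTERNAL_STORAGE"},
}
# Data the article names as at risk: SMS messages, plus the contacts example.
SENSITIVE = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_CONTACTS"}

# Constructed sample: a "QR scanner" that also asks for SMS and contacts.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")  # attribute lives in the android namespace
            if name:
                perms.add(name)
    return perms

def review(manifest_xml, purpose):
    """List permissions that do not match the app's stated purpose."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED[purpose]
    return {
        "unexpected": sorted(unexpected),
        "sensitive": sorted(unexpected & SENSITIVE),
    }

if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST, "qr_scanner")
    for perm in report["unexpected"]:
        flag = "SENSITIVE" if perm in report["sensitive"] else "review"
        print(f"[{flag}] {perm}")
```

Any entry under `sensitive` for an app whose purpose does not need it is the mismatch the advice above tells you to look for.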
This article is owned by Tech Times
Written by RJ Pierce