After learning that there is a dangerous evolution of BRATA in the Play Store, banking malware is evolving, and the Android permissions system and Google Play’s lack of security are the main culprits, we again have news about Trojans capable of taking over your entire device.
In this case, it was a QR code app that reintroduced Teabot to the Play Store. It is dangerous malware able to fully control your device and which is mainly focused on obtaining your bank details. It is not only present in this application (already deleted), but it continues to evolve and impersonate other applications.
Teabot is back stronger than ever
Full control permission, avoid giving it at all costs.
From Xataka Android, we have shown you how to read QR codes without installing anything, because all Android phones have this function. Cleafy researchers have detected the return of Teabot, a dangerous Trojan that we have already heard about in 2021.
Teabot’s modus operandi is already known: it asks for accessibility authorization to completely control our mobile and steal our passwords
In this case, it was hidden in a QR code app that had over 10,000 downloads and appeared in the top positions when we searched for “qr reader” in the Play Store. The app hid malware with behavior we already know: request accessibility permission to have full control of the devicejust like the notorious FedEx app viruses did.
Worldwide distribution of Teabot
Teabot does not stop its advance. Initially, it started being distributed in fake applications of DHL, UPS, FedEx and others, but in recent months the researchers point out that it is present in more applications
As we always do, we recommend keep a close eye on the permissions requested by appsnever install apps you don’t need and avoid at all costs giving full control to apps that don’t have to ask for accessibility permission.
More information | Cleafy
