2021 is a year with malware taking the lead on Android. After the system update, WhatsApp Rosa and BRATA, cybersecurity researchers discovered a new malware called ‘TeaBot’.
It’s a banking Trojan which mainly attacks European banks and this has a particular impact in Europe. It is able to steal victims’ credentials, access their SMS and remotely control the phone.
Introducing TeaBot, a dangerous new banking malware
After Flubot, the SMS malware, comes TeaBot, a new malware that only affects Android and was discovered by Cleafy, a cybersecurity company. As stated in the report, TeaBot is a banking malware that tries to steal the credentials of victims
Once the APK is installed and accessibility permissions granted, attackers can have absolute control over our phone
Once installed on the victim’s mobile, attackers can view and control the screen remotely, thanks to Accessibility permission, which allows full control over the device. Here are some of the actions you can take, although the summary is that can control all mobiles
- Send and intercept SMS messages
- Read phone status
- Change sound settings to turn off the phone
- Show a pop-up on other apps so that we accept permissions
- It is able to delete applications
TeaBot attacks all over Europe, with Europe as the main victim, followed by Germany, Italy and Belgium. Researchers say it’s in its early stages of development, so it might behave more aggressively over the next few weeks.
Technically, it is very similar to Flubot. TeaBot is hiding under the name of DHL, UPS, VLC MediaPlayer or Mobdro, i.e. masquerades as other applications. Once we have it installed it asks us for accessibility permission and when it has it we have already fallen into the trap.
To avoid falling into this type of malware We recommend that you do not install a third-party APK Unless you are clear about its origin and how it works. Furthermore, don’t give accessibility permissions lightlybecause they can completely control your device through it.
More information | Cleafy