Security researchers recently discovered a new Trojan called TeaBot that has been resurrected from the ashes of previous, more nefarious versions. Unlike its predecessors though, this version is completely free and open source for anyone to download and run on their own device. Additionally, it’s packed with functionality that can be turned off by users who don’t feel like being tracked! Here are some tips we’ve learned while testing out our Android app:
1) Enable “Verify apps” in settings
2) Disable data transfer if you’re concerned about your privacy
3) Uninstall any malicious apps currently installed
4) Keep an eye out for security updates
TeaBot is new malware that has been found in the Google Play Store. It is designed to steal personal information and send it to the developers of TeaBot. The “play app” will allow you to check whether an application has been infected with this malware or not.
TeaBot, a banking malware, has been spotted in the Google Play Store once again. It’s disguised as a QR code application this time, and it’s already infected over 10,000 devices.
The malware authors used this method in January, and despite Google’s attempts to remove it, TeaBot has resurfaced in the official Android app store.
According to Cleafy, a company that helps financial institutions and banks combat online theft and fraud, the apps function as droppers. The affected applications also provide the promised feature or functionality, which results in positive store reviews.
The ‘trojanized’ programs ask for an update through a popup message after installation. Unlike the regular Play Store update method, however, this one comes from a third-party source.
The source was traced back to GitHub repositories belonging to the user feleanicusor. Several TeaBot samples were posted to the repositories on February 17, 2022.
Official Android Repositories Have Been Breached
Cleafy further claims that the malware used dropper apps to get into legitimate Android repositories.
In samples that the firm obtained in late February, an app published on the Google Play Store known as “QR Code & Barcode Scanner” served TeaBot to users via a malicious update.
Cyber criminals typically use the following strategy: they submit a legitimate app to an official app repository, evade existing security checks, and then, once a large user base has been built up (in this case, over 10,000 users), push an update that turns the software malicious.
In TeaBot’s case, the dropper asks for permission to download another app called “QR Code Scanner: an Add-On,” which contains the malware.
What Is the Process?
When you accept an update from an unknown source, the malware is installed as an app called ‘QR Code Scanner: Add-On’ on your Android smartphone.
The app normally opens immediately and asks for permission to use your device’s accessibility services so that it can view the screen and capture screenshots of text messages, logins, and 2FA codes.
It also performs background tasks, such as granting authorizations without any user interaction.
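The behaviour described above, an add-on installed from outside the Play Store that then asks for accessibility services, can be checked for on a device. The following is an added example, not part of the original article or of Cleafy's report: it parses the output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services` and lists packages that hold an enabled accessibility service but were not installed by the Play Store. The sample output and all package names in it are constructed.

```python
# Added example: flag apps that hold an enabled accessibility service but
# were not installed by the Play Store (the pattern the article describes).
# SAMPLE_* data is constructed; the package names are hypothetical.
PLAY_STORE = "com.android.vending"

# Constructed output of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.addon  installer=null
package:com.example.screenreader  installer=com.android.vending
package:com.example.notes  installer=com.example.thirdparty.store
"""

# Constructed output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.example.qrscanner.addon/com.example.qrscanner.addon.Svc:"
               "com.example.screenreader/.ReaderService")

def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value in ("", "null") else value
        installers[fields[0]] = installer
    return installers

def parse_accessibility(setting_value):
    """Return the packages owning the colon-separated 'pkg/ServiceClass' entries."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def risky_packages(pm_output, a11y_value, trusted=(PLAY_STORE,)):
    """Accessibility-enabled packages whose installer is missing or untrusted."""
    installers = parse_installers(pm_output)
    # A package absent from the pm listing is treated as unknown and flagged.
    return sorted(p for p in parse_accessibility(a11y_value)
                  if installers.get(p) not in trusted)

if __name__ == "__main__":
    for pkg in risky_packages(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print("review:", pkg)
```

A flagged package is a prompt for manual review, not proof of infection, since legitimate sideloaded apps can also use accessibility services.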
TeaBot Goes Worldwide
The banking malware not only targets users in the United States; it now also includes the Russian, Chinese, and Slovak languages, indicating that it is aimed at a broader audience.
Security Advice
There are a few steps you can take to keep yourself secure from malware, for example:
Limit the number of applications you have on your phone.
Even when using the Play Store as your main application source, keep the number of applications on your phone to a minimum to decrease the risk of being infected by banking trojans.
It’s also a good idea to keep an eye on your device’s battery life and traffic volume for the first few days after downloading a new app to look for any unusual trends.
Limit the permissions that an application has.
Limit app privileges to reduce the number of potential access points. Allow only the features that are absolutely essential.
Keep your software up to date.
Updates and patches are frequently provided by software providers to address any new vulnerabilities. Install all new software updates as a recommended practice. Update your software and operating systems on a regular basis.
Install anti-virus and anti-spyware software.
Anti-spyware and anti-virus software scans your computer for malware and removes it.