Cleafy, a company specializing in cyber security, announced that it has discovered a new malicious program called TeaBot, a Trojan targeting mobile devices running the Android operating system. This year it has already attacked at least 60 European banks, thanks to its ability to steal victims’ credentials, access their SMS messages and remotely control the phone.

This threat was initially discovered in January, and on March 29 the first injection against Italian banks was detected. At the beginning of May it began to expand and has also affected entities in Belgium and the Netherlands. The malware has managed to extract user information from more than 60 European banks, and it includes text in several languages, among them Spanish, Italian and German. TeaBot, which does not belong to any known malware family, abuses the Accessibility Services of the Android operating system, a technique commonly used by banking Trojans.

On a technical level it is very similar to Flubot. TeaBot disguises itself under the names DHL, UPS, VLC MediaPlayer or Mobdro; that is, it pretends to be other applications. Once installed, it asks for the accessibility permission, and once that is granted, the victim has already fallen into the trap.

What are the capabilities of the TeaBot malware?

Once the Trojan infects the user’s device, it manipulates the system’s screen overlay functions in order to obtain the victims’ credentials for digital banking accounts and their credit card information. This malware is capable of many things, and that is why it is very dangerous.

▸Send and intercept SMS messages

▸Read phone status

▸Modify sound settings to silence the phone

▸Show a pop-up over other apps so that we accept permissions

▸Delete apps without permission
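
A defender-side triage sketch for the capability list above, added here as an example and not taken from Cleafy's report or from the original article: it reads a decoded AndroidManifest.xml and reports which of the listed capabilities the app requests alongside an accessibility service. The capability-to-permission mapping, the threshold of three, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities listed above to standard Android permissions.
CAPABILITY_PERMISSIONS = {
    "send/intercept SMS": {P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_SMS"},
    "read phone status": {P + "READ_PHONE_STATE"},
    "modify sound settings": {P + "MODIFY_AUDIO_SETTINGS"},
    "pop-up over other apps": {P + "SYSTEM_ALERT_WINDOW"},
    "delete apps": {P + "REQUEST_DELETE_PACKAGES"},
}

def triage_manifest(manifest_xml, threshold=3):
    """Report listed capabilities requested by a decoded manifest (e.g. apktool output)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    hits = sorted(c for c, perms in CAPABILITY_PERMISSIONS.items() if perms & requested)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = any(s.get(ANDROID_NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
               for s in root.iter("service"))
    # Heuristic (assumption): accessibility service plus several listed capabilities.
    return {"accessibility_service": a11y, "capabilities": hits,
            "suspicious": a11y and len(hits) >= threshold}

# Constructed sample: an app posing as a media player that requests everything listed.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: a plain media player with no accessibility service.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

A match is a reason to inspect the app more closely, not proof of infection, since legitimate apps can request some of the same permissions.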
