A new Android banking malware named “TeaBot” has been found by Cleafy security researchers.
According to the research, TeaBot has been known since January and targets financial apps, but more malicious attacks began in March 2021. Belgian and Dutch banks were targeted by more cyber attacks in the first week of May.
The fake Android app impersonates TeaTV, VLC Media Player, DHL, and UPS to pose as media and package delivery services.
What Is Its Impact?
- Ability to perform Overlay Attacks against multiple banks' applications to steal login credentials and credit card information
- Ability to send / intercept / hide SMS messages
- Enabling key logging functionalities
- Ability to steal Google Authentication codes
- Ability to obtain full remote control of an Android device (via Accessibility Services and real-time screen-sharing)
It can also disable your phone's security features.
Once downloaded, it tries to install itself as an Android Service. TeaBot abuses this feature to hide itself.
After the installation, TeaBot requests the following Android permissions, which are mandatory to perform its malicious behaviour:
- Observe your actions
  - Used to intercept and observe the user's actions
- Retrieve window content
  - Used to retrieve sensitive information such as login credentials, SMS, 2FA codes from authentication apps, etc.
- Perform arbitrary gestures
  - TeaBot uses this feature to accept different kinds of permissions immediately after the installation phase, for example the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission popup.
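As an added example (not from the Cleafy research or the original article), the following Python script triages a decoded AndroidManifest.xml and accessibility-service config for the capability mix listed above. The sample XML is constructed, and mapping the consent prompts to `canRetrieveWindowContent` and `canPerformGestures` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions tied to behaviour the article describes (SMS handling, battery popup).
WATCHED_PERMS = {
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "asks to bypass battery optimisation",
}
# Assumed mapping: capabilities behind the "Retrieve window content" and
# "Perform arbitrary gestures" prompts.
WATCHED_CAPS = {
    "canRetrieveWindowContent": "can read on-screen content of other apps",
    "canPerformGestures": "can tap and swipe on the user's behalf",
}

def triage(manifest_xml, a11y_config_xml):
    """Return findings for a decoded manifest and accessibility-service config."""
    findings = []
    manifest = ET.fromstring(manifest_xml)
    for perm in manifest.iter("uses-permission"):
        name = perm.get(ANDROID + "name")
        if name in WATCHED_PERMS:
            findings.append(f"permission: {WATCHED_PERMS[name]}")
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    has_a11y = any(
        svc.get(ANDROID + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for svc in manifest.iter("service"))
    if has_a11y:
        config = ET.fromstring(a11y_config_xml)
        for attr, meaning in WATCHED_CAPS.items():
            if config.get(ANDROID + attr) == "true":
                findings.append(f"accessibility: {meaning}")
    return findings

# Constructed sample input (hypothetical package, not taken from a real TeaBot sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_A11Y = """<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"
  android:canRetrieveWindowContent="true" android:canPerformGestures="true"/>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_MANIFEST, SAMPLE_A11Y)))
```

A media player or parcel tracker that combines SMS permissions with these two accessibility capabilities has no functional reason to do so, which is what makes the combination worth flagging.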
Last month, the Flubot Android malware was discovered; it mimics a delivery tracking app and steals your mobile data, including bank account information and passwords.
Government agencies have issued cyber security warnings.
How To Protect Yourself?
- Do not click on links in unknown SMS messages.
- Always install apps from legitimate app stores.
- Format your Android device completely.
- Do not manually install APKs from third parties. They could be malware that can steal your data.