TeaBot, a banking Trojan that first hit the internet in 2021 through smishing campaigns, is back and targeting hundreds of financial apps…
The scariest thing about remote access trojans is that they can come at you from every digital direction. Attackers keep finding new ways to reach their victims, and some malware has proven highly adaptable, like TeaBot on Android phones. This banking bot originally lured people with “smishing,” fake SMS messages carrying links that advertise innocent-looking online services. Now it fools people by hiding within legitimate-looking Android apps.
Insidious TeaBot Banking Trojan is Targeting Hundreds of Financial Apps
The number of TeaBot targets has recently jumped to at least 400 apps used for banking, cryptocurrency transactions, and digital insurance, and the malware has begun targeting victims in Russia, Hong Kong, and the United States.
TeaBot operates using “on-device fraud”: it abuses Android's accessibility services and the infected device’s live-streaming ability so that attackers can remotely interact with the phone and monitor it via key-logging. One of its latest known incarnations emerged via a QR code app on the Play Store, which functioned as a poison-pill-like dropper for the malware.
Of course, since the malicious code is well-concealed in genuine-looking apps, potential victims don’t suspect a thing. This gives the Trojan the ability to spread widely. In fact, just one QR code app on the Google Play Store racked up at least 10,000 installations. Consumers should obviously avoid any suspicious apps and only download those from legitimate, trusted sources.