New Banking Trojan Threatens Android Users

  • By Dawna M. Roberts
  • Published: May 24, 2021
  • Last Updated: Mar 18, 2022

Threat experts warn Android users of a new strain of malware designed to steal user credentials, passwords and take complete control of Android devices for financial fraud.

What is Happening?

TeaBot Malware

Monday, The Hacker News reported that cybersecurity researchers had identified a new threat to Android phone users. The malware Trojan steals user credentials, spies on SMS messages, and perpetrates fraud against banks in Spain, Italy, Belgium, Germany, and the Netherlands.

The new malware is called “TeaBot“ (or Anatsa) and started targeting financial institutions in late March 2021. Early May saw a rush of infections that involved Belgium and Netherland banks. Experts trace the malware back to the beginning of January. 

How Does TeaBot Work?

The Hacker News explains, 

“The main goal of TeaBot is stealing victim’s credentials, and SMS messages for enabling fraud scenarios against a predefined list of banks,” Italian cybersecurity, and online fraud prevention firm Cleary said in a Monday write-up. “Once TeaBot is successfully installed in the victim’s device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services.”

The malicious Android application impersonates other legitimate apps to remain undetected. Some examples include VLC Media Player, UPS, DHL, and TeaTV. When installed, the program “acts as a dropper that not only loads a second-stage payload but also forces the victim into granting it accessibility service permissions, The Hacker News explains.”

The final stage of infection allows the hacker to remotely control the device in real-time. Once they have achieved full control, they can take screenshots, intercept SMS messages, and inject “malicious overlays on top of login screens of banking apps to steal credentials and credit card information.”

Although in its first iteration, TeaBot is also capable of evading detection by disabling Google Play Protect. Even more alarmingly, the program can access Google Authentication codes, allowing bad actors to hack into various other Google-related services and user accounts. Threat experts say the malware can exfiltrate data every 10 seconds and copy it to a remote server. 

The Hacker News warns that 

“Android malware abusing accessibility services as a stepping-stone for perpetrating data theft has witnessed a surge in recent months. Since the start of the year, at least three different malware families — Oscorp, BRATA, and FluBot — have banked on the feature to gain total control of the infected devices.”

How Can Android Users Stay Safe?

Although the Google Play store has in place some safety precautions, there is no guarantee against infections and malicious software getting onto the device. As evidenced with TeaBot, some of these programs can disable those protections and impersonate legitimate apps. Some ways to remain safe and keep your device malware-free are:

  • Never download software from untrusted sources. Always use the Google Play store but do your research first and make sure you are getting the authentic program. Check out the author, ratings, and other key pieces of information so you know it’s not a ruse.

  • Install good antivirus/anti-malware software on your device and run deep scans often.

  • Never click links in email or download attachments.

  • Watch out for phishing emails.

  • Verify everything before taking any action.

  • Never click ads or links in social media or text messages when they come to you unsolicited. 

  • Use common sense, and when you see something that appears to be “too good to be true,” it probably is.

  • Keep your Android device updated with the latest operating system and security patches.

  • Update all apps too. 

Hackers and cybercriminals are constantly evolving, and you have to be on top of things and aware of the dangers to stay safe.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What You Need to Know about the Scholastic Data Breach

What You Need to Know about the Scholastic Data Breach

Established in 1920, Scholastic is an American-based multinational and the largest publisher and distributor of children's books globally.

Massive Credit Card Leak Discovered by LEAKD.COM

Massive Credit Card Leak Discovered by LEAKD.COM

Recently, the security team at LEAKD. COM discovered that about 5 million United States credit cards and users' personal details had been leaked online.

How the SMS Hack Exposed U.S. Telecom Security Risks

How the SMS Hack Exposed U.S. Telecom Security Risks

Popularly known as text messages, SMS messages are one of the widely used communication channels by Americans. They are generally used for various purposes.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close