New Banking Trojan Threatens Android Users

  • By Dawna M. Roberts
  • Published: May 24, 2021
  • Last Updated: Mar 18, 2022

Threat experts warn Android users of a new strain of malware designed to steal user credentials, passwords and take complete control of Android devices for financial fraud.

What is Happening?

TeaBot Malware

Monday, The Hacker News reported that cybersecurity researchers had identified a new threat to Android phone users. The malware Trojan steals user credentials, spies on SMS messages, and perpetrates fraud against banks in Spain, Italy, Belgium, Germany, and the Netherlands.

The new malware is called “TeaBot“ (or Anatsa) and started targeting financial institutions in late March 2021. Early May saw a rush of infections that involved Belgium and Netherland banks. Experts trace the malware back to the beginning of January. 

How Does TeaBot Work?

The Hacker News explains, 

“The main goal of TeaBot is stealing victim’s credentials, and SMS messages for enabling fraud scenarios against a predefined list of banks,” Italian cybersecurity, and online fraud prevention firm Cleary said in a Monday write-up. “Once TeaBot is successfully installed in the victim’s device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services.”

The malicious Android application impersonates other legitimate apps to remain undetected. Some examples include VLC Media Player, UPS, DHL, and TeaTV. When installed, the program “acts as a dropper that not only loads a second-stage payload but also forces the victim into granting it accessibility service permissions, The Hacker News explains.”

The final stage of infection allows the hacker to remotely control the device in real-time. Once they have achieved full control, they can take screenshots, intercept SMS messages, and inject “malicious overlays on top of login screens of banking apps to steal credentials and credit card information.”

Although in its first iteration, TeaBot is also capable of evading detection by disabling Google Play Protect. Even more alarmingly, the program can access Google Authentication codes, allowing bad actors to hack into various other Google-related services and user accounts. Threat experts say the malware can exfiltrate data every 10 seconds and copy it to a remote server. 

The Hacker News warns that 

“Android malware abusing accessibility services as a stepping-stone for perpetrating data theft has witnessed a surge in recent months. Since the start of the year, at least three different malware families — Oscorp, BRATA, and FluBot — have banked on the feature to gain total control of the infected devices.”

How Can Android Users Stay Safe?

Although the Google Play store has in place some safety precautions, there is no guarantee against infections and malicious software getting onto the device. As evidenced with TeaBot, some of these programs can disable those protections and impersonate legitimate apps. Some ways to remain safe and keep your device malware-free are:

  • Never download software from untrusted sources. Always use the Google Play store but do your research first and make sure you are getting the authentic program. Check out the author, ratings, and other key pieces of information so you know it’s not a ruse.

  • Install good antivirus/anti-malware software on your device and run deep scans often.

  • Never click links in email or download attachments.

  • Watch out for phishing emails.

  • Verify everything before taking any action.

  • Never click ads or links in social media or text messages when they come to you unsolicited. 

  • Use common sense, and when you see something that appears to be “too good to be true,” it probably is.

  • Keep your Android device updated with the latest operating system and security patches.

  • Update all apps too. 

Hackers and cybercriminals are constantly evolving, and you have to be on top of things and aware of the dangers to stay safe.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is Digital Citizenship? Etiquette & Examples

What is Digital Citizenship? Etiquette & Examples

When someone is born on US soil, they are a national citizen; with this distinction, they obtain a list of entitlements and benefits, as well as societal obligations and predetermined consequences for bad behavior.

What Does Incognito Mean, How Does It Work, and Is It Really Safe?

What Does Incognito Mean, How Does It Work, and Is It Really Safe?

How do you browse the Internet? Using a primary browser, you can turn on "incognito mode," which increases your privacy on singular devices but is also less concealing than other privacy tools like virtual private networks (VPNs).

AI Voice Cloning: The New Frontier for Cybercriminal Fraud and How to Protect Yourself

AI Voice Cloning: The New Frontier for Cybercriminal Fraud and How to Protect Yourself

Many members of the younger generations avoid answering phone calls. On the one hand, this avoidance may be personal, as voice calls can sometimes cause anxiety; however, there is more to these rejections than nervousness.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address