TeaBot Trojan Infiltrates Google Play Store
Table of Contents
- By David Lukic
- Published: Mar 07, 2022
- Last Updated: Mar 30, 2025
The Google Play store might seem safe at first glance, but those who perform their due diligence will find it contains several malicious apps. These harmful apps have bypassed censorship attempts by concealing trojans within software updates. In particular, the banking trojan referred to as TeaBot and Anatsa is causing significant problems in the Google Play store.
Who Identified the TeaBot Trojan?
Digital security specialists with Cleafy recently discovered the TeaBot banking trojan. Though this is not the first instance in which TeaBot has caused problems for those who used Android devices, it faded into the background for a while before resurfacing in the past year.
What is TeaBot all About?
TeaBot is a form of malware that collects SMS messages along with login credentials from Android users. The malware steals information related to bank accounts, contact information, phone messages, and additional forms of private data.
All in all, TeaBot has compromised more than 400 financial and banking apps. The apps in question are used in the United States, China, and Russia.
How Does TeaBot Spread?
TeaBot is unique because it does not need a text message, email message, phony website, or any type of third-party service to transmit to devices. TeaBot is typically inserted into dropper applications. Droppers are best described as programs that appear to be harmless yet actually function as a means of transmitting nasty payloads.
TeaBot droppers have concealed themselves as PDF readers and even QR codes. Digital criminals typically use QR code scanning technology, scanners for PDFs, picture filters, and flashlights as such apps are used with regularity. As a result, users rarely scrutinize such apps before downloading them.
What is an Example of a TeaBot Attack?
As an example, Scanner App used for reading QR codes transmitted 17 unique TeaBot variants across the entirety of a month. Scanner App was downloaded more than 100,000 times prior to discovery. Additional examples of TeaBot droppers include PDF Document Scanner, QR Scanner 2021, and QR & Barcode – Scanner.
Is It Possible to Thwart TeaBot?
It is difficult for the Google Play store to halt TeaBot as it is latent as opposed to blatantly malevolent. The apps containing TeaBot seem legitimate. App stores have safeguards and policies in place to identify harmful apps, yet the challenge lies in identifying malicious apps that prompt users to download software updates after installation. The solution appears to be the scanning of app downloads in real-time.
It will also help if Google adds checks to widespread permissions in the context of application operability to obtain domain names and public IP addresses that are hardcoded. This approach would empower Google to screen that information for potential threats.
What is the Impact of TeaBot?
Users of apps that contain TeaBot that provide permission to add the new software open the door for infection. TeaBot obtains access to the target’s login credentials, 2FA codes, messages, and more, ultimately setting the stage for a litany of harmful actions.
Are TeaBot Attacks Slowing Down?
No. TeaBot attacks are on the rise. According to Cleafy, TeaBot has targeted 340 more applications in the year gone by than it did in the prior year. All in all, the TeaBot attacks have soared to more than 500% in a single year.
