Do not download this malicious Android app! It allows hackers to spy on your banking information, crypto and SMS
Google Play Protect, Android’s built-in malware protection, is like an absent-minded bank security guard. It’s supposed to keep bad guys at bay, but every once in a while it drops the ball and puts its users in danger.
In late February, the Cleafy Threat Intelligence and Incident Response team discovered a malware-infected Android app that attracted more than 10,000 downloads on the Google Play Store.
The app, disguised as a QR Code & Barcode Scanner, was actually designed to infect devices with a Trojan called TeaBot. Shit, shit, shit!
TeaBot, also known as Anatsa, is a malicious program that spies on users’ sensitive information and steals victims’ credentials. As mentioned, a recent sample revealed that malicious actors were using a dropper app, an innocuous-looking QR Code & Barcode Scanner platform, to distribute TeaBot to unsuspecting users.
Interestingly, the QR Code & Barcode Scanner app looked genuine; the reviews indicated that the platform is legit and works well. However, the application had sinister motives.
“Once downloaded, the dropper will immediately ask for an update via a pop-up message. Unlike legitimate apps that update through the official Google Play Store, the dropper app will ask to download and install [TeaBot]”, Cleafy’s security team said.
After running the fake “update”, TeaBot will ask unwitting users for certain permissions, including the ability to view and control user screens.
Once the target accepts these permissions, TeaBot will wreak havoc on the device, allowing hackers to take control of it and siphon off sensitive credentials such as banking information, SMS messages, contact data, etc.
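The two behaviours described above (an app that installs an "update" itself instead of through the Play Store, and a payload that asks to view and control the screen) can be checked for in an app's decoded manifest. The following is an added example, not code from Cleafy or from the apps in question; the page does not name the Android permissions involved, so mapping them to REQUEST_INSTALL_PACKAGES and an accessibility service is an assumption, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: the page describes the behaviour, not these permission names.
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"      # app may prompt to install APKs
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"  # marks an accessibility service

def triage_manifest(manifest_xml):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID + "name") == INSTALL:
            findings.add("requests-package-install")
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == A11Y_BIND:
            findings.add("declares-accessibility-service")
    return sorted(findings)

# Constructed samples with hypothetical package names, not the real apps' manifests.
PLAIN_SCANNER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

SELF_UPDATING_SCANNER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.selfupdatingscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>"""

FAKE_UPDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".ScreenService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in [("plain scanner", PLAIN_SCANNER),
                            ("self-updating scanner", SELF_UPDATING_SCANNER),
                            ("fake update", FAKE_UPDATE)]:
        print(label, triage_manifest(xml_text))
```

Neither finding proves malice on its own, since legitimate app stores and assistive tools use the same declarations; for a QR scanner, either one is a reason to look closer before installing.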
Fortunately, Cleafy notified Google about the malicious app. The search engine technology giant removed the malware from the app store. It’s no secret that Google Play Protect is inadequate. In 2021, AV-Test published a damning report revealing that Google Play Protect only detected two-thirds of the 20,000 malicious apps in its sample.
It should be noted that the TeaBot variant discovered by the Cleafy security team is new. It now targets crypto wallets and exchanges. On top of that, the original TeaBot only targeted around 60 apps; now it can infiltrate over 400.
Cleafy’s TeaBot discovery is a reminder that users should be careful what they download from the Google Play Store. Many apps seem harmless, but they have ulterior motives.