While the Google Play Store is home to millions of useful Android apps and games, it somehow has malicious apps too, which have posed a privacy threat to users. A new malicious app has now been discovered, which can carry a new banking trojan dubbed “TeaBot,” designed to steal sensitive user data like passwords, bank credentials, and text messages on your Android phone. Let’s take a closer look at the details below.
The TeaBot banking trojan, also known as Toddler and Anatsa, was first discovered back in May 2021. At that time, it targeted European banks and stole two-factor authentication (2FA) codes sent by text messages. However, a report from malware and online fraud prevention platform Cleafy now states that the malware has evolved and is now being used to target users in Russia, Hong Kong, and the USA.
Once the second app was installed, it asked for permissions to view and control the device’s screen to gain sensitive user data such as SMS, login credentials, and 2FA codes. Moreover, the trojan also recorded keyboard entries of the user, much like other banking malware, to retrieve sensitive information.
“Since the dropper application distributed on the official Google Play Store requests only a few permissions and the malicious app is downloaded at a later time, it is able to get confused among legitimate applications and it is almost undetectable by common antivirus solutions,” the Cleafy researchers wrote in the report.
