2021 is turning out to be a year in which malware takes center stage on Android. After System Update, WhatsApp Rosa and BRATA, cybersecurity researchers have discovered a new malware named 'TeaBot'.
It is a banking Trojan that mainly attacks European banks and is having a particular impact in Spain. It is capable of stealing victims' credentials, accessing their SMS messages and remotely controlling the phone.
This is TeaBot, a new and dangerous banking malware
After Flubot, the SMS malware, comes TeaBot, a new malware that affects only Android and was discovered by Cleafy, a cybersecurity company. According to its report, TeaBot is a banking malware that tries to steal victims' credentials and SMS messages to gain access to banking data.
Once the APK is installed and accessibility permissions are granted, the attackers can have absolute control over our phone
Once it is installed on the victim's mobile, attackers can remotely view and control the screen thanks to the accessibility permission, which allows complete control over the device. These are some of the actions it can take, although in short it can control the entire phone:
- Send and intercept SMS messages
- Read phone status
- Modify sound settings to silence the phone
- Show a pop-up over other apps so that we accept permissions
- Delete applications
TeaBot is attacking all over Europe, with Spain as the main victim, followed by Germany, Italy and Belgium. The researchers say that it is in its early stages of development, so it could behave more aggressively over the next few weeks.
On a technical level it is very similar to Flubot. TeaBot hides under the name DHL, UPS, VLC MediaPlayer or Mobdro; that is, it impersonates other applications. Once we install it, it asks us for the accessibility permission and, once it has it, we have already fallen into the trap.
To avoid falling for this type of malware, we recommend that you do not install third-party APKs unless you are clear about their origin and how they work. In addition, don't grant accessibility permissions lightly, since attackers can completely control your device through them.
More information | Cleafy