Nicknamed “Teabot” by security researchers at Cleafy, the malware is able to read your text messages to allow cybercriminals to log in to your bank account.
We already knew of Flubot, about which the United Kingdom’s National Cyber Security Centre (NCSC) issued an alert last April. People targeted by this malware received a fraudulent SMS claiming to come from a delivery service such as DHL or Amazon. The message invited victims to click on a link to install an application to track their package. But it was actually a trap. Once the app was installed, it siphoned off personal data and notably accessed banking information.
This time, it is the Cleafy researchers who announce that they discovered a new banking malware in January. Its name? Teabot. Once it is installed on the victim’s device, cybercriminals can have live access to what is displayed on the screen. Through a kind of SIM swapping, the malware hijacks user credentials as well as text messages in order to facilitate fraudulent activities against banks that still rely on one-time codes for two-factor authentication. In the worst case, your bank account can be viewed and emptied without your knowledge.
The malware is translated into six languages, including French
Originally, Teabot pretended to be an IPTV application called TeaTV. Since then, the malware has spread through several other fake applications posing as VLC MediaPlayer, DHL, or even UPS.
“When the app is downloaded to a device, it tries to install itself as an ‘Android service’, a system service that allows it to perform long operations in the background. Teabot then abuses this functionality to hide itself, allowing it, once installed, not to be unmasked, and thus to ensure its persistence.”
During installation, the malware requests several Android permissions to observe the victim’s actions, recover their data, and perform arbitrary gestures remotely. Once permissions are granted, the app removes its icon from the device. The malware currently supports six different languages: Spanish, English, Italian, German, French and Dutch.
As a reminder, install an Android application from a website only if you have full confidence in the source. If you have any doubts, prefer a mainstream application store such as the Play Store.
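For defenders, the traits described above (installation from outside an app store, SMS access, a gesture-capable service, a background service with no icon) can be combined into a simple triage rule. The following is an added example, not code from Cleafy or from the original article; the inventory record format, the sample apps and the mapping of the article's description to specific Android permissions are assumptions.

```python
# Added example: flag apps that combine the traits the article describes.
# The record format and INVENTORY are constructed for illustration; a real
# inventory would come from an MDM export or a similar source.

SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Assumption: "observe actions / perform gestures" maps to an accessibility service.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

def traits(app):
    """Return which of the article's traits one app record shows."""
    perms = set(app.get("permissions", []))
    services = app.get("services", [])
    found = []
    if app.get("installer") not in TRUSTED_INSTALLERS:
        found.append("sideloaded")
    if perms & SMS_PERMS:
        found.append("reads_sms")
    if any(s.get("permission") == ACCESSIBILITY_BIND for s in services):
        found.append("accessibility_service")
    if services and not app.get("has_launcher_icon", True):
        found.append("service_without_icon")
    return found

def flag(inventory, threshold=3):
    """Map package name -> traits for apps showing at least `threshold` traits."""
    hits = {}
    for app in inventory:
        found = traits(app)
        if len(found) >= threshold:
            hits[app["package"]] = found
    return hits

INVENTORY = [  # constructed sample records
    {"package": "com.example.videoplayer", "installer": "com.android.vending",
     "permissions": ["android.permission.INTERNET"],
     "services": [{"name": ".PlaybackService"}], "has_launcher_icon": True},
    {"package": "com.example.smsbackup", "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS"],
     "services": [], "has_launcher_icon": True},
    {"package": "com.example.fakeplayer", "installer": None,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS"],
     "services": [{"name": ".Core", "permission": ACCESSIBILITY_BIND}],
     "has_launcher_icon": False},
]

if __name__ == "__main__":
    for package, found in flag(INVENTORY).items():
        print(package, "->", ", ".join(found))
```

A single trait is common among legitimate apps (an SMS backup tool reads SMS, for example), which is why the rule only flags combinations.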