Security researchers from Cleafy announced on Monday, May 10, 2021, that they had discovered a new Android Trojan malware called TeaBot. The trojan reportedly hijacks users’ credentials and gains unauthorized access to text messages to conduct fraudulent activities against banks across Europe.
The new malware has been called TeaBot by security researchers from Cleafy primarily because it appears to be a new strain and does not bear similarities to other banking trojans in existence, as pointed out by the team in its full technical analysis blog post dated May 10, 2021.
TeaBot is reportedly designed to obtain users’ credentials and SMS messages. Once the new Android trojan has been installed, malicious hackers can gain access to a live stream of the device's screen, reports ZD Net. The news site also said that hackers can control the user’s device through Accessibility Services.

In its blog post, the Cleafy team said, “When the malicious app has been downloaded on the device, it tries to be installed as an “Android Service,” which is an application component that can perform long-running operations in the background.”
“This feature is abused by TeaBot to silently hide itself from the user, once installed, preventing also detection and ensuring its persistence,” continued the team’s analysis.
The security researchers from Cleafy initially discovered the new Android banking trojan around January 2021, with the malware being enabled against more than 60 banking institutions across Europe, reports ZD Net.
Softpedia News states that TeaBot disguises itself as media and package delivery service applications, including the likes of DHL, TeaTV, UPS, and VLC Media Player.
Cleafy first discovered the trojan being used against banks in Italy on March 29, 2021. By May 2021, the same strain was found being used against banks in Belgium and the Netherlands. ZD Net states that researchers found the malware was geared towards Spanish banks but later moved on to be used in Germany and Italy.
The actions TeaBot can perform once installed include intercepting and observing user actions, obtaining window content and other sensitive information such as login credentials and two-factor authentication codes, and accepting all kinds of permissions.
Once the necessary permissions have been granted, the malware proceeds to remove its icon from the device, reports ZD Net.
Because of the extensive trojan infections, Softpedia News reports that both the United Kingdom and Germany have issued warnings regarding phishing attacks delivered through text messages.
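
As an added illustration (not from Cleafy's analysis or the cited reports), the Python below triages an already-decoded AndroidManifest.xml for the capability pairing described above: an accessibility service declared alongside SMS read permissions. The sample manifests, package names and the `triage_manifest` helper are constructed for this example, and the check is a generic review heuristic, not a TeaBot signature.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}


def triage_manifest(xml_text):
    """Report the accessibility services and SMS permissions a manifest declares."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(NAME) for s in root.iter("service")
            if s.get(PERMISSION) == A11Y_BIND]
    sms = sorted(requested & SMS_PERMS)
    return {
        "package": root.get("package"),
        "accessibility_services": a11y,
        "sms_permissions": sms,
        # Either capability alone is common; both together merit manual review.
        "needs_review": bool(a11y and sms),
    }


# Constructed sample manifests (hypothetical package and class names).
SAMPLE_FLAGGED = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.player">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
             android:permission="{A11Y_BIND}"/>
  </application>
</manifest>"""

SAMPLE_CLEAN = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_FLAGGED, SAMPLE_CLEAN):
        print(triage_manifest(sample))
```

A flagged result is a prompt for manual review of the app's source and publisher, since legitimate assistive apps also declare accessibility services.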















