What is more worrying is the trend: so far in 2021 there has been too much malware for our liking, more than the usual average. System Update, Flubot, WhatsApp Rosa, and BRATA are some of those that cybersecurity researchers have discovered, and we are only in May.
This is how this banking Trojan works
To be clear and concise, it is a new malware that affects only Android and was discovered by the cybersecurity company Cleafy. As stated in their report, TeaBot is a banking malware that tries to steal victims' credentials and SMS messages to access the bank's data.
When we click on the link that comes in the text message, a web page very similar to MRW's opens and asks us to install an application from outside the Play Store to track our package.
Once it is installed on the victim's mobile, attackers can remotely view and control the screen thanks to the accessibility permission, which allows complete control over the device. These are some of the actions it can take, although in short it can control the entire phone.
- Send and intercept SMS messages
- Read phone status
- Modify sound settings to silence the phone
- Show a pop-up over other apps so that we accept permissions
- Delete applications
On a technical level, it is very similar to Flubot. TeaBot hides under the name of DHL, UPS, VLC MediaPlayer, or Mobdro; that is, it impersonates other applications. Once we install it, it asks us for the accessibility permission and, once it has it, we have already fallen into the trap.
This new banking malware can bypass Google's malware review system, called Google Play Protect, intercept the verification SMS messages sent to us by our bank, and even access Google Authenticator two-factor authentication codes.
Avoid downloading TeaBot, especially if you are Spanish
TeaBot is attacking all over Europe, with Spain as the main victim, followed by Germany, Italy, and Belgium. The researchers say that it is in its early stages of development, so it could behave more aggressively over the next few weeks. That is more worrying than the fact that there is malware circulating.
As we mentioned, or rather as this company states, it is targeting Spain and the country's banks in particular. This makes it much easier for the attackers to access users' bank details and accounts to do who knows what with that money.
The solutions are few if you have already clicked on that message and installed the application, beyond taking drastic measures on your bank account and contacting the bank. If you have not reached that point yet, the fix is much simpler.
To avoid falling for this type of malware, we recommend that you do not install third-party APKs unless you are clear about their origin and operation. In addition, do not grant accessibility permissions lightly, since attackers can completely control your device through them.