Trojan horse

This Android app hides malware designed to steal your money

An application available on the Google Play Store actually hides a very dangerous Trojan capable of stealing your banking data. The concern is that this application is very popular: it has been downloaded more than 10,000 times.


It is a very vicious Trojan, named TeaBot (also known as Anatsa), that hides in an Android application. Discovered in May 2021, it is making a comeback on the Play Store, hidden within a very popular application downloaded over 10,000 times.

The security firm Cleafy revealed the case on February 22. On the Play Store, an application named QR Code & Barcode Scanner hides this malware. At first sight it is a harmless and, above all, practical application, since it lets you scan QR codes, as its name suggests. But be careful, it's a trap!

Malware lurks on Android

As published, the application itself is harmless, which is how it passes Google's validation and gets onto the Play Store. The modus operandi is vicious: once the software is installed, it sends the user a notification indicating that an update is available. When the user clicks on it, the TeaBot malware is downloaded (without going through the Play Store).


Once that is done, the application asks the user for permissions again, and an inattentive user will accept without looking. The trap then closes: the Trojan has access to all of the user's data, be it login credentials or SMS. It can also perform actions by itself without the user realizing it.
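Because the payload described above arrives outside the Play Store, one defensive check is to review which installer Android recorded for each third-party package. The following is an added example, not code from Cleafy or the original article: it parses the output of `adb shell pm list packages -3 -i`, using a constructed sample with made-up package names, and assumes the recorded installer reflects how the package was installed (the value varies with Android version and install method).

```python
import re

PLAY_STORE = "com.android.vending"

# Constructed sample of `adb shell pm list packages -3 -i` output; package names are made up.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.addon  installer=com.example.qrscanner
package:com.example.sideloaded  installer=null
package:com.example.browserapk  installer=com.google.android.packageinstaller
"""

LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse(output):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            inst = m.group("installer")
            result[m.group("pkg")] = None if inst == "null" else inst
    return result


def triage(output, store=PLAY_STORE):
    """Split packages into store installs, installs made by another user app, and other sideloads."""
    pkgs = parse(output)
    report = {"store": [], "installed_by_app": [], "sideloaded": []}
    for pkg, inst in sorted(pkgs.items()):
        if inst == store:
            report["store"].append(pkg)
        elif inst in pkgs:  # the installer is itself a third-party app on the device
            report["installed_by_app"].append((pkg, inst))
        else:  # no installer recorded, or a non-store installer component
            report["sideloaded"].append(pkg)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    for pkg, inst in r["installed_by_app"]:
        print(f"REVIEW {pkg}: installed by third-party app {inst}")
    for pkg in r["sideloaded"]:
        print(f"CHECK  {pkg}: no Play Store installer recorded")
```

A package installed by another user app, like the "update" in the flow above, deserves the closest look, along with the permissions it was granted afterwards.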

Cleafy indicates that TeaBot has evolved considerably since 2021: the malware can now interact with more than 400 applications. The targeted applications are essentially those dedicated to banking, insurance or cryptocurrency. In short, anything that could allow it to steal money. Cleafy warned Google, which removed the application from its store. The ruse was all the more deceitful because many applications have almost the same name, which could mislead a user who only wanted to scan a QR code and downloaded the first app they saw without asking any questions.

Source: Ars Technica
