New malware is active on Android. The malware, which goes by the names Toddler, Teabot and Anatsa, aims to steal mobile banking data. It is now clear that thousands of devices are already infected with the new malware.
Banking malware on Android
Last week we wrote about the FluBot malware, which the Dutch police warn about, among other things. It deviously persuades users to download an app for a supposed voicemail message. Now there is a warning about another malware variant that can claim victims. Security company Prodaft reports malware called Toddler; the names Teabot and Anatsa are also used. It has one purpose: extracting mobile banking data. It appears to be spreading mainly via SMS, where a link prompts you to download an app's APK file.
Once installed, this rogue app gets to work. It lies like a layer over your own banking app, so that the data you enter can be forwarded to the attacker behind the malware. That is not the only thing, by the way. Prodaft reports that it can also steal 2FA codes generated with Google Authenticator. Furthermore, it can intercept text messages and take screenshots. The malware is sophisticated. To prevent users from uninstalling the app, the malware can start a smartphone in safe mode. Other tricks are also used to make removal almost impossible.
Initially, the malware targets Spanish users. However, Dutch, German, French, Italian and English texts have already been found in the malware’s code. The researchers saw that more than 7600 devices have already been infected by the malware. More than a thousand credentials have already been stolen.
Always be vigilant when clicking links, such as in text messages!