The new malware mainly attacks banking applications

Unfortunately, malicious applications are still a major problem in Android, and in recent months the most common malware has been the well-known Joker. Portal LatestHackingNews now draws attention to a new type of malware named TeaBot, which targets primarily banking applications.

Malware is disguised as popular applications

The malware was discovered by company experts Cleafy. It is currently spreading mainly in Europe and is aimed at customers of banking institutions. The malware works on the principle of sending SMS messages that contain a link in order to download an application that should, for example, enable tracking of a delivered shipment of services such as DHL or UPS.

Of course, it also uses other types of applications that it tries to imitate. These include multimedia applications such as TeaTV and VCL MediaPlayer. The potential victim can thus be confused with the logo and name of a well-known company or application. The malicious application, which it downloads to your smartphone via a link, then often allows all the permissions it requires without thinking.

With these permissions, malware can take screenshots, overlay other applications, and track the text you fill in application text boxes. Its main goal is to obtain information about your payment cards and passwords for bank accounts. The data obtained in this way is then sent to the attacker via encrypted communication.

TeaBot can also bypass Google security

Another problem is that TeaBot malware can bypass the Google Play Protect control system. In addition, it can access the Google Authenticator application and capture verification SMS messages. Currently, the malware is localized into Spanish, Italian, German, Dutch, French, and English. Not surprisingly, he has so far attacked mainly in countries with these official languages.

In January 2021, he launched an active campaign against customers of Spanish banks. Since then, the malware has undergone various modifications to expand its target list. By March 2021, the malware had attacked German and Italian banks. Until May 2021, he focused on Belgian and Dutch banks. It is only a matter of time before it appears in other countries, including Slovakia.