Newsletter
Just a couple of weeks after we came across an Android banking malware known as Xenomorph, a new report is shedding light on another Remote Access Trojan (RAT) for Android known as “TeaBot.”
According to cybersecurity firm Cleafy, the TeaBot trojan was hiding within an app called “QR Code & Barcode – Scanner,” which has seen thousands of downloads on the Google Play Store. The TeaBot malware intends to steal unsuspecting users’ financial credentials and other information via texts (SMS), Cleafy claims.
Thankfully, Google has since removed the app. However, Tom’s Guide claims that the company took its sweet time to remove it. To make matters worse, the app’s reviews were reportedly positive at the time of its removal, thus tricking innocent users into downloading the app.
The TeaBot malware can also bypass two-factor authentication or 2FA
This either means the reviews were fake or that the developers ensured the app looked as convincing as possible. A closer look at the screenshots shared by Cleafy suggests it’s the former. One of the first reviews from the now removed app is clearly for a bar and not a barcode scanner. “This bar is brilliant, has been since they reopened & continues to maintain high standards of sanitizing,” the review says.
Moreover, the app developer is named “QR BarCode Scanner Bussiness LLC,” which raises several red flags. But it’s clear that despite all these warning signs, many users have fallen prey to this malware.
The maneuvers of this malicious app can also bypass 2FA security by gaining access and control of the screen. This is possible by installing a fake update containing TeaBot by requesting the Accessibility Services permission to receive access to the screen and other device functions.
If you’ve downloaded this app, you could be at risk
If you’ve downloaded this malicious app in the past, we suggest getting in touch with your bank to spot any irregularities. Cleafy said the TeaBot trojan mainly affected banks and customers across the U.S., Hong Kong, and Europe. A handful of cryptocurrency wallets and exchange services were also impacted.
With the app now removed from the Play Store, there’s no concern about the app spreading further. However, customers who still have the app are still at risk. Keeping this in mind, we strongly recommend removing this particular app from your devices right away. As Phone Arena points out, customers who use QR code scanner apps from developers like Simple Design and Gamma Play are safe.
