Android: New malware targets banking apps across Europe

Security researchers have identified a new Trojan horse on Android devices. They explained on Monday that once it is successfully installed on the victim’s device, cybercriminals can get a live feed of the device’s screen and also interact with it through its accessibility services.

This malware, dubbed “Teabot” by security researchers at Cleafy, has been used to hijack user credentials and text messages, in order to facilitate fraudulent activity against mobile banking services in Spain, Germany, Italy, Belgium and the Netherlands.

Cleafy’s Threat Intelligence and Incident Response team discovered the banking Trojan in January. The team found that it allowed more than 60 banks in Europe to be defrauded. On March 29, Cleafy analysts discovered that the Trojan was being used against Italian banks, and in May, banks in Belgium and the Netherlands were also facing it.

France also affected

Research shows that Teabot is still in development, but initially focused on Spanish banks, before going after German and Italian banks.

The malware currently supports six languages: French, Spanish, English, Italian, German, and Dutch. The application was originally called TeaTV, before changing its name several times to adopt the names “VLC MediaPlayer”, “Mobdro”, “DHL”, “UPS” and “bpost”.

“When the malicious application has been downloaded to the device, it attempts to be installed as an ‘Android Service’, which is an application component that can perform long-running background operations. TeaBot abuses this feature to silently hide itself from the user, once installed, also preventing its detection and ensuring its persistence,” says the report from Cleafy researchers.

Tactics as old as the world

Once TeaBot is installed, it asks for Android permissions to observe your actions, retrieve window content, and perform arbitrary gestures. When permissions are granted, the app removes its icon from the device, according to Cleafy’s study.
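A defender triaging a sideloaded APK can check for the capability combination described above. The following is an added example, not code from Cleafy's report: it reads a decoded manifest and accessibility-service config (both constructed samples with hypothetical names such as `com.example.mediaplayer`) and maps the standard Android attributes to the three capabilities named in the article.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mediaplayer">
  <application>
    <service android:name=".PlayerService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/player_service"/>
    </service>
  </application>
</manifest>"""

# Constructed sample: the res/xml file the meta-data entry points to.
SERVICE_CONFIG = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeAllMask"
    android:canRetrieveWindowContent="true"
    android:canPerformGestures="true"/>"""

def accessibility_services(manifest_xml):
    """Names of services that only the accessibility framework may bind."""
    root = ET.fromstring(manifest_xml)
    return [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == BIND]

def risky_capabilities(config_xml):
    """Map the service config to the three capabilities named in the article."""
    cfg = ET.fromstring(config_xml)
    found = []
    if cfg.get(ANDROID + "accessibilityEventTypes"):
        found.append("observe actions")
    if cfg.get(ANDROID + "canRetrieveWindowContent") == "true":
        found.append("retrieve window content")
    if cfg.get(ANDROID + "canPerformGestures") == "true":
        found.append("perform gestures")
    return found

def triage(manifest_xml, config_xml):
    """Flag an app whose accessibility service holds all three capabilities."""
    services = accessibility_services(manifest_xml)
    caps = risky_capabilities(config_xml)
    flag = bool(services) and len(caps) == 3
    return {"services": services, "capabilities": caps, "flag": flag}

if __name__ == "__main__":
    print(triage(MANIFEST, SERVICE_CONFIG))
```

Legitimate tools such as screen readers request the same capabilities, so the flag is a reason to look closer at where the app came from, not a verdict.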

For Saumitra Das, CTO of cybersecurity firm Blue Hexagon, Teabot represents a shift in mobile malware, which goes from being a secondary problem to a common one, just like malware on traditional endpoints. “Cyber attackers realize the true potential of mobile devices and the threat they can pose to the end user,” explains the researcher.

“It’s important to remember that while the apps aren’t on Google Play, the phishing and social engineering tactics used by the actors behind Teabot / Flubot are as effective as any family of threats on PC. These threats should not be underestimated.”
