If you have an Android phone in your pocket, there’s a chance you’ve accidentally downloaded an app from the Google Play Store that’s trying to steal from your bank account. Security experts have issued a warning about the vicious TeaBot malware, which is beginning to spread rapidly across the world and is designed to steal passwords for bank accounts.
TeaBot was first discovered back at the start of 2021, but it’s now seeing a resurgence. The team at Cleafy say they’ve spotted a new app that’s laced with TeaBot. To make matters worse, this QR code reader, called QR Code & Barcode Scanner, was available to download from the Google Play Store, and unsuspecting users downloaded it thousands of times.
Once installed, the app uses a clever trick to infect the phone: users are asked to install an innocent-looking update.
However, unlike legitimate apps, which perform their updates through the official Google Play Store, this software comes via an unofficial source, which allows it to bypass the tough security measures Google uses to protect Android users from malware like TeaBot.
This is how the malware is introduced onto your system. From there, the malware takes control and begins requesting numerous permissions, including the option to view and control the screen and to view and perform actions without the owner knowing.
If granted, these permissions are then used to retrieve sensitive information such as login credentials, SMS messages and two-factor authentication codes from the device’s screen.
What makes this latest attack more frightening is that the QR Code & Barcode Scanner app appears to work well and had actually received good reviews from Play Store users.
This makes spotting the issue much harder as many Play Store users would be completely oblivious to what the application is capable of.
Speaking about the threat, Cleafy said: “On February 21, 2022, the Cleafy Threat Intelligence and Incident Response (TIR) team was able to discover an application published on the official Google Play Store, which was acting as a dropper application delivering TeaBot with a fake update procedure. The dropper lies behind a common QR Code & Barcode Scanner and, at the time of writing, it has been downloaded +10.000 times. All the reviews display the app as legitimate and well-functioning.”
If you think you may have installed this app, it’s a good idea to remove it and check all of the permissions you may have unknowingly granted it.
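
One way to run that check from a computer, as an added example that is not from Cleafy or the original article: the script below reads the output of two standard Android commands, `adb shell pm list packages -3 -i` (user-installed apps and their installer) and `adb shell settings get secure enabled_accessibility_services` (apps currently allowed to view and control the screen), and flags apps that did not come from Google Play, listing those with screen control first. The package names and sample output are constructed for illustration, and treating only Google Play as a trusted installer is an assumption.

```python
# Constructed sample of `adb shell pm list packages -3 -i` (made-up package names).
PM_LIST = """\
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qrscanner.addon  installer=com.example.qrscanner
package:com.example.screenreader  installer=com.android.vending
package:com.example.sideloaded  installer=null
"""
# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
A11Y = ("com.example.qrscanner.addon/.Svc:"
        "com.example.screenreader/com.example.screenreader.Reader")

# Assumption: only Google Play counts as a trusted installer; extend as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(text):
    """Map package name -> installer package (None when unknown or 'null')."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field.split("=", 1)[1]
                installer = None if value in ("", "null") else value
        result[fields[0]] = installer
    return result

def parse_accessibility(value):
    """Return the set of packages that own an enabled accessibility service."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_text, a11y_value):
    """List (package, installer, has_screen_control) for non-Play installs."""
    a11y = parse_accessibility(a11y_value)
    findings = [(pkg, inst, pkg in a11y)
                for pkg, inst in sorted(parse_installers(pm_text).items())
                if inst not in TRUSTED_INSTALLERS]
    findings.sort(key=lambda f: not f[2])  # screen-control apps first
    return findings

if __name__ == "__main__":
    for pkg, inst, a11y in audit(PM_LIST, A11Y):
        print(f"{'HIGH' if a11y else 'review'}: {pkg} (installer={inst})")
```

An app installed by another app rather than by the store, and holding screen-control access, matches the fake-update pattern described above and is the first thing to remove.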