
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of Android users

TeaBot resurrected with evolved malware distribution tactics active across Google Play Store, primarily circulating through QR Code Apps…

05-Mar-2022

Cleafy researchers found that the infamous banking Trojan TeaBot (also known as Anatsa and Toddler) has been spotted on Google Play again. This is not the first time TeaBot has affected Android users. Dutch cyber security researchers first spotted it last year.

This RAT is designed to sniff login credentials, SMS messages, etc. It is mainly intended to affect banking/financial applications, and through applications like the one from "QR Barcode Scanner Business LLC" it has already affected more than 400 banking/financial apps worldwide, targeting countries like the USA, Russia, and China. That is a rise of more than 500% compared to the previous year (60 – 400). It has also added other languages to target more countries.

TeaBot requires no third-party help (email, website, etc.) to attack; its unique feature is that it can stay dormant for an extended period and then attack. TeaBot comes with a dropper that seems legitimate to users from the outside, but the attack moves to its second stage when the dropper asks users to install updates from unauthorized sources, mainly from GitHub.

TeaBot now hides in QR reader, PDF reader, and photo filter apps, because people usually don't consider these apps malicious and download them readily. This tactic has been in use since last year; recent apps like QR – Code Reader and scanner were found distributing 17 types of TeaBot malware, and more than 100,000 users had downloaded these apps before the Google Play Store took them down.

#### Mitigation or Remediation from TeaBot Trojan

  • To mitigate or minimize the chances of infection by this Trojan, it is advisable to keep the number of installed apps on your device at a minimum.
  • Whenever you install an app on your device, monitor network traffic volume and battery consumption for some days; if you find something fishy in the application's behavior, delete the recently installed application.
  • If you have “QR Barcode Scanner Business LLC” installed on your device, delete it immediately.
  • Do not download or install applications, add-ons, or app updates from unauthorized sources or third-party websites.