There’s a new banking malware that is wreaking havoc on banks in Europe, particularly in Italy, the Netherlands, Germany, and Belgium.
Experts from Cleafy have discovered this banking malware, and dubbed it TeaBot. But how dangerous is this new malware?
Security researchers said that once the malware has been successfully installed on the victim’s device, cybercriminals can obtain a live stream from the device.
Plus, they can interact with it using the device’s Accessibility features.
A new Android banking malware stealing users’ credentials
On Monday, cybersecurity experts said that there is a new Android banking trojan that hijacks users’ credentials and SMS messages.
Once the malware has been successfully installed on the victim’s device, the attackers use it to carry out fraudulent activities against banks in Belgium, Italy, Germany, Spain, and the Netherlands.
Additionally, the experts claimed that the TeaBot malware is still in its early stages of development.
Security experts warned that the malware is going to be a huge threat with a dangerous potential. This needs to be neutralized as early as possible.
What many don’t know is that the hackers were able to use the new malware to conduct dubious activities back in late March. And in the first week of this month, they attacked several financial apps in Belgium as well as banks in the Netherlands.
How does the TeaBot malware work?
Cleafy’s Threat Intelligence, together with the Incident Response team, first discovered the banking malware in January. The teams found suspicious activities against over 60 banks across Europe.
By late March, Cleafy researchers also found that the malware was being used against banks in Italy. Then, by May, the malware had been wreaking more havoc on banks in Belgium and the Netherlands.
Initially, the researchers focused on banks in Spain before turning their attention to banks in Germany and Italy. The malware is currently supporting six different languages: English, Dutch, French, Italian, German, and Dutch.
“When the malicious app has been downloaded on the device, it tries to be installed as an ‘Android Service,’ which is an application component that can perform long-running operations in the background. This feature is abused by TeaBot to silently hide from the user, once installed, preventing also detection and ensuring its persistence,” Cleafy researchers published in a post.
Once the TeaBot app has been successfully installed, it will request Android permissions to observe the user’s actions. Eventually, it will retrieve window content, and perform arbitrary gestures.
And according to Cleafy’s study, when the permissions are granted, the app will remove its app icon from the device.
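The behaviours described above (a background service, Accessibility permissions to retrieve window content and perform gestures, and SMS access) leave static traces in an app's manifest. The following Python triage check is an added example, not code from Cleafy's report or this article; it assumes the manifest and XML resources have already been decoded to text (for example with apktool), and the function name `triage`, the package name and the service name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACTION = "android.accessibilityservice.AccessibilityService"

def triage(manifest_xml, xml_resources):
    """Return triage findings for a decoded manifest.
    xml_resources maps a resource reference such as '@xml/a11y' to its decoded XML.
    Findings are signals for manual review: legitimate assistive apps also
    declare accessibility services."""
    root = ET.fromstring(manifest_xml)
    findings = []
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    sms = sorted(perms & SMS_PERMS)
    if sms:
        findings.append("sms-access: " + ", ".join(sms))
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if svc.get(A + "permission") != BIND or ACTION not in actions:
            continue  # not an accessibility service
        name = svc.get(A + "name")
        findings.append("accessibility-service: " + name)
        for md in svc.iter("meta-data"):
            cfg = xml_resources.get(md.get(A + "resource"))
            if md.get(A + "name") != "android.accessibilityservice" or cfg is None:
                continue
            cfg_root = ET.fromstring(cfg)
            for attr in ("canRetrieveWindowContent", "canPerformGestures"):
                if cfg_root.get(A + attr) == "true":
                    findings.append(f"{name}: {attr}")
    return findings

# Constructed sample input (not taken from a real TeaBot sample).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLE_MANIFEST = f"""<manifest {NS} package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
      <meta-data android:name="android.accessibilityservice" android:resource="@xml/a11y"/>
    </service>
  </application>
</manifest>"""
SAMPLE_RES = {"@xml/a11y": f'<accessibility-service {NS} android:canRetrieveWindowContent="true" android:canPerformGestures="true"/>'}

if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST, SAMPLE_RES):
        print(finding)
```

The icon removal mentioned above happens at runtime, so it does not show up in this manifest check.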
Be alert with this banking malware on your Android device
Experts are worried about how rapid the spread of mobile malware has become, going from a sideline issue to a mainstream one. It is not just first-world countries that have fallen victim to it, which is also very alarming.
According to the CTO of cybersecurity firm Blue Hexagon, Saumitra Das, “threat actors realize the true potential of mobile devices and the threat they can pose to the end-user.”
“It is important to remember that even though the apps are not on Google Play, the phishing/social engineering tactics used by the actors behind TeaBot/Flubot are as good as any threat family on the PC side; that within a short time frame, they can manage to get a huge infection base. These threats should not be underestimated,” he added.