Discovered in May last year, the TeaBot Trojan is back, and this time it has a new way to attack. The malware has been found on the Google Play Store in the form of a new app that has been downloaded over 10,000 times.
According to Cleafy experts, at first glance the app appears to be a simple QR and barcode scanner, with reviews describing it as legitimate. However, the QR Code & Barcode Scanner is the first step in the chain of infection, acting as a dropper.
Investigators say that while downloading it, a popup message appears asking the victim to update. During this process, permission is requested to install a second application called QR Code Scanner: Add-On, which contains the TeaBot Trojan.
Upon installation, the second app, which is downloaded from two GitHub repositories, attempts to obtain a set of permissions including display and screen control, so that it can collect sensitive information, monitor what the user does and interact with other applications.
Cleafy explains that one of the biggest differences between the current version of TeaBot and the samples discovered in May 2021 is the increase in the number of applications it targets, which has grown by more than 500% in less than a year. These include home banking apps, insurance apps and cryptocurrency wallets.
Additionally, over the past few months, the malware has added support for more languages and found increasingly sophisticated ways to stay undetected by the anti-malware solutions available on the market.
The QR Code & Barcode Scanner appears to have already been removed from the Play Store. However, if you have installed it on your smartphone, you should remove it immediately, scan the device with a security solution and, if necessary, reset it.