Android malware spread quickly across smartphones

Jun 16, 2021 08:37 GMT

According to a recent security report, TeaBot targets its victims by pretending to be Kaspersky, the famous antivirus program. TeaBot highlights the dangers of downloading Android apps from unauthorized marketplaces, says Cyware.

The fraudulent app, dubbed Kaspersky Free Antivirus, masqueraded as the genuine program, Kaspersky Internet Security for Android.

The fake app spreads the TeaBot banking Trojan, also known as HEUR:Trojan-Banker.AndroidOS.Teaban or HEUR:Trojan-Banker.AndroidOS.Region. In these names, AndroidOS is an abbreviation for Android Operating System.

Installing the app requires high access privileges, such as Accessibility Services.

TeaBot (aka Anatsa) has enormous capabilities due to these permissions, such as keylogging and stealing Google Authenticator codes. In fact, Accessibility Services can be used to gain complete remote control of compromised Android devices.

According to a report from Bitdefender, the latest campaign involving fraudulent Android software began in early December 2020.

TeaBot and FluBot masquerade as legitimate government and corporate apps 

Recently, fake apps have been discovered spreading TeaBot and FluBot under the guise of well-known government, banking, fitness, and reading apps.

TeaTV, VLC MediaPlayer, Mobdro, DHL, UPS, boost, and prominent banking apps such as Bankia Wallet, BankinterMovil, BBVA Spain, Bankia, Openbank, Cajasur, and Ibercaja are among the counterfeit brands.

TeaBot and other threats try to entice users by posing as well-known apps and companies. To protect themselves, experts advise avoiding software downloads from untrusted websites or emails, as well as messages from unknown users. Users should be cautious when searching for these programs and look directly in a reputable app store instead of doing an open search on the Internet.

While TeaBot's activity has been detected since January, further aggressive attacks against financial apps began in late March 2021. TeaBot appears to be using the same decoy as FluBot, posing as harmless shipping apps in an attempt to avoid discovery. In recent months, there has been an uptick in Android malware that leverages accessibility services as a stepping stone to collect data.