An emerging Android malware is exposing victims to significant cybersecurity risks. This is according to recent disclosure from specialists early this week. The experts claim the malware hijacks credentials from users, including their SMS information. These events have put countries like the Netherlands, Germany, Belgium, and Spain at risk.
The malware, also known as ”TeaBot,” is still developing. But, its malicious attacks targeted financial applications in late March. Later in May, Belgium and the Netherlands recorded the first case of this Android Trojan. And the very first signs of this TeaBot unveiled in January this year.
How Does Android Malware Attack Victims?
Like most cybersecurity threats, this malware has its specific targets. And in this case, TeaBot’s primary goal is stealing the victim’s details and SMS information. All this while risking the integrity of some enlisted banks in the said countries. This was according to the latest report from Cleary, an Italian online fraud prevention and cybersecurity firm.
Upon TeaBot’s installation on devices, the criminals can access whatever they want. They can do so on-demand or through live streaming. At some point, all they need is to control the Accessibility Services. The app comes as a media player application or packages delivery in disguise. It can either be a VLC Media Player, UPS, and DHL. One way it takes control of devices is by demanding accessibility permissions.
The Android Trojan comes in stages. The last phase of the attack ensures it can interact with the device in real-time. It does so by allowing for keystroke records and taking screenshots. Not only that, but also it adds other malicious control during log-ins. When the process succeeds, the victims risk losing their credit card data or more.
TeaBot also can interfere with Google Play Protect. It can also access and intercept Google Authenticator 2FA Codes and SMS messages, respectively. Upon collection of the information, the attackers receive them on a remote server. All these happen on a record of 10 seconds.
The Way Forward After the Android Malware Emergence
The truth is, cases of Android malware accessibility threats are not new. The trend has risen over the recent months allowing the perpetrators to steal data. Since last year, three severe cases of different malware were on record. Flubit, BRATA, and Oscorp have all been able to have access to victim’s devices.
TeaBot, though a new Android Trojan, employs a similar decoy to FluBot. The two are on record to pose as harmless applications to mislead the unsuspecting users. In fact, in the face of FluBot attacks, Germany and U.K governments warned people of the impending risks. At FluBot’s peak, users lost their device’s passwords and credentials.
Reports of banking Android Trojans have been common. The recent case of TeaBot is a new wake-up call for everyone to take extra caution. That is true, especially for both banks and individuals. Otherwise, people may lose a lot more than just information to the attackers.