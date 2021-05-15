



Of all the ever-growing digital threats, from credential-stealing malware to malicious code that pesters end users with annoying ads and pop-ups, the most frightening and potentially most devastating are those that target victims' banks and financial institutions.

We have reported on such threats before, such as malware that steals login credentials and leaks victims’ bank accounts. Now another similar piece of Android malware has been identified by security researchers, who recently warned that the malware (called “TeaBot”) can perform actions such as livestreaming the target device's screen for the benefit of the attacker. It can also hijack login credentials and text messages in order to carry out fraudulent banking activities.

Researchers on the threat intelligence and incident response team of cybersecurity firm Cleafy identified the TeaBot Android banking Trojan in January. The main goal of this threat is to steal victims' credentials and SMS messages to enable fraud scenarios against a list of banks in European countries such as Spain, Germany, Italy, Belgium and the Netherlands. “Once the TeaBot is successfully installed on the victim’s device, an attacker can get livestreaming of the device screen (on demand) and interact through accessibility services,” the Cleafy team explained in its technical analysis of the threat.

Among the actions that TeaBot can perform:

- Perform overlay attacks against multiple banking applications to steal login credentials and credit card information
- Send, intercept and hide SMS messages
- Enable keylogger feature
- Enable Google Authenticator
- Steal Android devices (via accessibility services and real-time screen sharing)

When TeaBot was first discovered, it turned out to be focused only on Spanish banks. However, according to the Cleafy team, a new sample of TeaBot began to appear in March, targeting German and Italian banks for the first time. In addition, TeaBot currently supports several different languages, including Spanish, English, Italian, German, French and Dutch.

Explaining how dangerous the malware was, Saumitra Das, CTO of cybersecurity firm BlueHexagon, told ZDNet: “Which threat attackers could pose to the true potential of mobile devices and end users? I’m demonstrating once again that I’m aware of this.”

“It’s important to remember that the phishing/social engineering tactics used by the actors behind TeaBot/Flubot are as good as the threat family on the PC side, even if the app isn’t on Google Play. Within a short time frame, they can manage to get a huge base of infection. Don’t underestimate these threats.”

Andy is a Memphis reporter and has contributed to outlets such as Fast Company and The Guardian. When he’s not writing about technology, you can find him crouching protectively over his fast-growing collection of vinyl.

