This app from the Play Store promised to read QR codes. It was a dangerous banking malware for Android

  • 36

One of the top tips to avoid malware on Android devices is to avoid downloading apps from unknown sources or alternative stores. However, security threats can also proliferate through official stores. A recent example of this is the TeaBot Trojan, which was downloaded more than 10,000 times from the Play Store.

This is not the first time we have heard about this banking malware, and possibly it will not be the last. Last year, it reached users through a fraudulent SMS through which it tricked them into installing an application outside of the Play Store. Now, instead, it has evolved to bypass Google controls and sneak into the official app store.

TeaBot camouflages itself in a QR code reader

The cybersecurity firm Cleafy explains that the TeaBot was spreading through an application called QR Code & Barcode Scanner. Like many other malware-laden apps, this one offered real QR code and barcode scanning functionality, so many users left positive ratings and others continued to download it.

Qr Code Barcode Scanner Malware Teabot

When QR Code & Barcode Scanner was first released, it asked users for permission to update. If the permission was granted, instead of downloading an update through the Play Store, as is normal in these cases, connected to specific GitHub repositories where it retrieved malicious code and thus could bypass the prior controls of the Play Store.

The next step in the infection chain was to ask users for permissions to use accessibility services. With this, the malicious app could control and read everything that was displayed on the screen, such as sensitive information, login credentials, two-step verification codes, bank confirmation SMS and so on.

Qr Code Barcode Scanner Malware Teabot 2

The most dangerous feature of this malware is that it was programmed to run fraud on European bank apps, among which are Spanish and Italian. And the number was increasing. “In less than a year, the number of applications targeted by TeaBot has grown more than 500%, from 60 targets to more than 400,” they say from Cleafy.

How to know if you have a virus on your mobile and what to do to get rid of doubts

Fortunately, the malicious QR Code & Barcode Scanner app has been removed by Google from the Play Store following the complaint from the cybersecurity company. However, this does not mean that it continues to go around alternative stores or that the same attackers —or others— use similar techniques to reap new victims with other applications in the official Android store.

More information | Cleafy

One of the top tips to avoid malware on Android devices is to avoid downloading apps from unknown sources or…

One of the top tips to avoid malware on Android devices is to avoid downloading apps from unknown sources or…

Leave a Reply

Your email address will not be published.