• Home
  • Mobile
  • This application, which has been downloaded thousands of times in the Play Store, is opening the door to the Trojan Horse

This application, which has been downloaded thousands of times in the Play Store, is opening the door to the Trojan Horse

Published on the Google Play Store, this application, which performs its task perfectly and has been downloaded thousands of times, turns out to be placing a very dangerous trojan horse on your Android device!
 This application, which has been downloaded thousands of times in the Play Store, is opening the door to the Trojan Horse
READING NOW This application, which has been downloaded thousands of times in the Play Store, is opening the door to the Trojan Horse

Cybercriminals have successfully managed to hide a banking Trojan on the Google Play Store, which has probably infected thousands of devices with the aim of stealing identities and two-factor authentication codes.

A new report from security firm Cleafy has found that the TeaBot banking trojan, also called Anatsa or Toddler at some points, was deployed as a second-stage payload from an apparently legitimate app.

The team found that it was distributed as an update to a non-malicious application called “QR Code & Barcode – Scanner” which does its launch perfectly. The app works as intended, i.e. it scans barcodes and QR codes accurately, thanks to which it has received a lot of positive reviews on the Play Store.

But as soon as the app is installed, the report says, it asks for permission to download a second app called “QR Code Scanner: Add-On” which contains “multiple TeaBot samples”.

The app was downloaded more than 10,000 times before it was discovered for what it really was and removed from the app store.

When a victim downloads the “add-on” (Add-On), TeaBot requests permissions to view and control the endpoint’s screen and, if allowed, receives login credentials, SMS messages, or two-factor authentication codes. It also provides access to record keystrokes by abusing Android accessibility services.

“Since the app distributed on the official Google Play Store only asks for a few permissions and the malicious app is downloaded later, it can be confused between legitimate apps and is almost undetectable by common antivirus solutions,” says Cleafy.

Google did not comment on the findings, but removed the app from the store.

TeaBot was first spotted in May last year when it targeted European banks by stealing two-factor codes sent via SMS. Cleafy says it’s targeting users in Russia, Hong Kong and the US this time around.

Comments
Leave a Comment

Details
141 read
okunma54881
0 comments