• This data-stealing Android app has been downloaded thousands of t

    From TechnologyDaily@1337:1/100 to All on Fri Mar 4 13:30:04 2022
    This data-stealing Android app has been downloaded thousands of times

    Date:
    Fri, 04 Mar 2022 13:15:45 +0000

    Description:
    Don't be fooled, this Android app was abused to deliver a malicious payload via updates.

    FULL STORY ======================================================================

    Criminals have managed to successfully hide a banking Trojan on the Google Play Store, possibly infecting thousands of devices in an attempt to steal identities and two-factor authentication codes.

    A new report from security firm Cleafy found that the TeaBot banking trojan, sometimes referred to as Anatsa or Toddler, was being distributed as a second-stage payload from a seemingly legitimate app.

    The team found it was being distributed as an update to a non-malicious, fully functioning app called QR Code & Barcode - Scanner. The app works as intended, scanning barcodes and QR codes properly, and as such has received numerous positive reviews on the Play Store.

    Delivering the payload

    However, as soon as it's installed, it requests permission to download a second application, called QR Code Scanner: Add-On, which, according to the publication, includes multiple TeaBot samples.

    The app had more than 10,000 downloads before it was discovered for what it truly was and removed from the app store.

    When a victim downloads the add-on, TeaBot will ask for permissions to view and control the endpoint's screen and, if granted, will use that power to pull login credentials, SMS messages, or two-factor authentication codes. It also gains the ability to record keystrokes by abusing Android accessibility services.

    Since the dropper application distributed on the official Google Play Store requests only a few permissions and the malicious app is downloaded at a
    later time, it is able to get confused among legitimate applications and it
    is almost undetectable by common antivirus solutions, Cleafy said.

    While Google did not comment on the findings, it did remove the app from the store.

    TeaBot was first spotted in May last year, when it targeted European banks by stealing two-factor codes sent via SMS. This time around, Cleafy says, it targets users in Russia, Hong Kong, and the US.

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-data-stealing-android-app-has-been-downloaded-thousands-of-times/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)