Android users: Delete this app – it’s injected with a data-stealing Trojan


Over 10,000 Google Play users have downloaded another malicious Android app stuffed with malware. Called QR Code & Barcode Scanner, the app also installed a remote access trojan (RAT) that let the attackers skim passwords, banking details, and other sensitive data.

Noticed by security researchers at Cleafy, the malicious app contains the TeaBot trojan. This nasty piece of software uses Android’s accessibility services to read the screen, then uses streaming software to send data to its controllers.

When TeaBot first came out, it was limited to watching a hard-coded list of around 60 banking apps. Now the attackers have expanded its scope, with over 400 applications on the watchlist. Those range from banking apps to crypto exchanges/wallets, and even digital insurance apps.


[Image: screenshots of the malware-infested Android app from Google Play. Credit: Cleafy]

TeaBot was distributed inside a Google Play Store app called QR Code & Barcode Scanner. Google has pulled it from the Play Store at the time of writing, but over 10,000 people downloaded and installed it before that. If you have it on your device, delete it, and change all of your financial service passwords.


The malware managed to get onto the Play Store by not actually being inside the app to begin with. Once installed and opened, the app would ask the user to install an update.

This wasn’t actually a Google Play Store update, but a download of code from two GitHub repositories. That code installed TeaBot, which then asked the user to give it more permissions.

It’s clear that Android malware makers have figured out how to sidestep any protections the Google Play Store has. There are a few things that users can do to keep safe, however.

Only install updates from inside the Google Play Store, and not inside the app. Be wary of any app asking for extended permissions at install time. Be extra wary of any app that asks for extended permissions at any time after installation.
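The two warning signs described above (an app that can prompt for installs from outside the Play Store, and an app that asks for accessibility access) can be checked in an app's decoded manifest. The sketch below is an added example, not code from Cleafy or from the original article; the package names and manifests are constructed, and mapping the in-app "update" prompt to the `REQUEST_INSTALL_PACKAGES` permission is an assumption about how such an app would be built.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"
# Lets an app ask the user to install an APK it obtained itself.
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
# A service guarded by this permission is an accessibility service.
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Flag the two capabilities the article warns about in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NAME) for tag in ("uses-permission", "uses-permission-sdk-23")
                 for e in root.iter(tag)}
    a11y = [s.get(NAME) for s in root.iter("service") if s.get(PERMISSION) == A11Y_BIND]
    findings = []
    if INSTALL_PERM in requested:
        findings.append("can prompt to install APKs from outside Google Play")
    if a11y:
        findings.append("declares an accessibility service that can read the screen")
    return {"package": root.get("package"), "can_sideload": INSTALL_PERM in requested,
            "accessibility_services": a11y, "findings": findings}

def _manifest(package, perms=(), services=()):
    """Build a constructed sample manifest (not taken from any real app)."""
    p = "".join(f'<uses-permission android:name="{x}"/>' for x in perms)
    s = "".join(f'<service android:name="{n}" android:permission="{perm}"/>'
                for n, perm in services)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'{p}<application>{s}</application></manifest>')

# Constructed samples: a scanner that can sideload, a second-stage style app
# with an accessibility service, and a plain scanner that needs only the camera.
DROPPER_LIKE = _manifest("com.example.scanner",
                         ["android.permission.CAMERA", "android.permission.INTERNET",
                          INSTALL_PERM])
PAYLOAD_LIKE = _manifest("com.example.update", ["android.permission.INTERNET"],
                         [(".ScreenService", A11Y_BIND)])
PLAIN_SCANNER = _manifest("com.example.plainscanner", ["android.permission.CAMERA"])

if __name__ == "__main__":
    for sample in (DROPPER_LIKE, PAYLOAD_LIKE, PLAIN_SCANNER):
        report = triage_manifest(sample)
        print(report["package"], "->", report["findings"] or "nothing flagged")
```

Neither capability is malicious on its own; the point of the check is that a QR scanner has no obvious need for either, which is the mismatch the advice above asks users to notice.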
