Over 10,000 Google Play users have downloaded another malicious Android app loaded with malware. Called QR Code & Barcode Scanner, the app also installed a remote access trojan (RAT) that lets the attackers skim passwords, banking details, and other sensitive data.
Spotted by security researchers at Cleafy, the malicious app contains the TeaBot trojan. This nasty piece of software uses Android's accessibility services to read the screen, then uses streaming software to send data to its controllers.
When it first came out, it was limited to watching a hard-coded list of around 60 banking apps. Now the attackers have expanded in scope, with over 400 applications on the watchlist. These range from banking apps to crypto exchanges/wallets, and even digital insurance apps.
TeaBot was distributed inside a Google Play Store app called QR Code & Barcode Scanner. Google has pulled it from the Play Store at the time of writing, but over 10,000 people downloaded and installed it before that. If you have it on your device, delete it, and change all of your financial service passwords.
The malware managed to get onto the Play Store by not actually being inside the app to begin with. Once installed and opened, it would ask the user to install an update.
This wasn't actually a Google Play Store update, but a download of code from two GitHub repositories. That code installed TeaBot, which then asked the user to give it more permissions.
It's clear that Android malware makers have found how to sidestep any protections the Google Play Store has. There are a few things that users can do to stay safe, however.
Only install updates from inside the Google Play Store, and not from inside the app. Be wary of any app asking for extended permissions at install time. Be extra wary of any app that asks for extended permissions at any time after install.