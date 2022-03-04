After knowing that there is a dangerous evolution of BRATA in the Play Store, that banking malware is evolving and that both the Android permissions system and the lack of security in Google Play are the main culprits, we have news again about Trojans capable of taking over your entire device.

In this case, it has been a QR code application that has reintroduced Teabot in the Play Store. It is a dangerous malware able to fully control your device and that is mainly focused on obtaining your bank details. It is not only present in this app (already removed), but it continues to evolve and masquerade as more apps.

Teabot returns stronger than ever

The full control permission, avoid giving it at all costs.

From EuroXliveAndroid we have shown you how you can read QR codes without installing anything, because all Android phones have this function. Cleafy researchers have detected the return of Teabot, a dangerous Trojan that we already heard about in 2021.

Teabot’s modus operandi is already known: it asks for accessibility permission to completely control our mobile and steal our passwords

In this case, it was hidden in a QR code app that had more than 10,000 downloads and that appeared in the top positions when we searched for “qr reader” in the Play Store. The app hid a malware with a behavior that we already know: ask for the accessibility permission to have full control of the devicejust like the famous FedEx app viruses did.

Teabot Global Distribution

Teabot does not stop its advance. Initially it began to be distributed in the fake apps of DHL, UPS, FedEx and others, but in recent months researchers point out that it is present in more apps. On the part of the average user, since there are so many reviews purchased on Google Play, it is practically impossible to distinguish whether the app they are going to download is malicious, so the only thing left to do is be wary as soon as it asks for full control permission.

As we always do, we recommend keep a close eye on the permissions that apps ask fornever install apps that you don’t need and avoid at all costs giving full control to apps that don’t have to ask for accessibility permission.

