Date: 2022-03-08

TeaBot is back; in fact, it never left. The trojan, which came to the fore last May in Italy as well, has changed its skin, finding new ways to deceive those who had learned to recognize it, and so to survive. The news once again comes from the Cleafy researchers, the same ones who warned the world in May 2021: “TeaBot hasn’t disappeared, on the contrary: it’s more sneaky than ever”, they report.

The Trojan, which goes after login credentials, banking details and sensitive information in general, was recently intercepted in an app regularly published on the Play Store. The more than 10,000 users who, according to the numbers published by Google itself, downloaded QR Code & Barcode – Scanner came face to face with the danger; hopefully they managed to avoid it. The app (there is no point looking for it, it has already been removed from the store) worked very well, as the reviews on the store attest, yet it acted as a “bridge” for TeaBot to land on the victim’s smartphone.

On first launch, the app asked the user to download an add-on, a second app supposedly necessary for the first to work. It was no “real” QR scanner add-on, though, just a package containing TeaBot, which became invisible as soon as it had obtained the user’s authorizations: reading and controlling the screen, and the ability to monitor the user’s actions and carry out the main ones in turn. In short, everything needed to spy on the user and steal sensitive data.

The spread of TeaBot over the months

Cleafy points out that TeaBot’s major evolution over the months has allowed it to widen the types of apps subject to its “special” attention, including home banking, insurance, wallets and cryptocurrency exchanges: “In less than a year,” they write, “the number of applications targeted by TeaBot has grown by over 500%, going from 60 target types to over 400.” Additionally, the Trojan’s reach has been expanded with support for several other languages, including Russian, Slovak and Mandarin, as clearly emerges from the heatmap made by the researchers.

The case of QR Code & Barcode – Scanner demonstrated how sneakily TeaBot can infiltrate anyone’s smartphone. The app has been removed from the Play Store, but it is advisable to stay on guard against apps that, once installed, immediately require an update before they can be used, especially when the update involves granting more permissions than the original app.
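
The advice above can be turned into a concrete check on two decoded AndroidManifest.xml files, comparing what the add-on asks for with what the original app asked for. This is an added example, not code from Cleafy or from the original article; the manifests are constructed samples, and the high-risk permission list, package names and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumption: permissions treated as high risk here; the article lists none.
HIGH_RISK = {"android.permission.REQUEST_INSTALL_PACKAGES",
             "android.permission.SYSTEM_ALERT_WINDOW",
             "android.permission.READ_SMS"}

# Constructed sample manifests (hypothetical package names), as decoded text XML.
BASE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
ADDON_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner.addon">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def capabilities(manifest_xml):
    """Return (requested permissions, whether an accessibility service is declared)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    accessibility = any(s.get(NS + "permission") == ACCESSIBILITY
                        for s in root.iter("service"))
    return perms, accessibility

def review_addon(base_xml, addon_xml):
    """List what the add-on requests beyond the app the user originally installed."""
    base_perms, base_acc = capabilities(base_xml)
    addon_perms, addon_acc = capabilities(addon_xml)
    new = addon_perms - base_perms
    findings = []
    if addon_acc and not base_acc:
        findings.append("add-on declares an accessibility service")
    findings += ["add-on requests high-risk permission " + p for p in sorted(new & HIGH_RISK)]
    return {"new_permissions": sorted(new), "findings": findings}

if __name__ == "__main__":
    print(review_addon(BASE_MANIFEST, ADDON_MANIFEST))
```

An accessibility service is what grants the screen reading and control described earlier, so it is reported separately from ordinary permission requests.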
