The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. Attackers come at you from every digital direction and the malware they cook up is often insidious in its adaptability.

Android Malware

TeaBot was first discovered last year. It’s a relatively straightforward piece of malware designed to siphon banking, contact, SMS, and other private data from infected devices. In recent days, Cleafy published a new report on TeaBot that should put any Android user on guard. The team found a big jump in the number of TeaBot targets — at least 400 apps used for banking, cryptocurrency transactions, and digital insurance — and the malware has begun targeting victims in Russia, Hong Kong, India, and the United States.

Why Can’t TeaBot Be Stopped?

App stores have policies and protections aimed at combating malware. Google Play Protect, for example, helps root out malicious apps before they’re installed and scans for evidence of misdoing on a daily basis.

However, TeaBot droppers aren’t obviously malicious. They might seem perfectly uninteresting, at least on the surface. Once a user opens one of these nondescript apps, they’re prompted to download a software update. The update is, in fact, a second app containing a malicious payload.

TeaBot-QR Barcode Scanner. Image Courtesy: cleafy.com

If the user grants the app permission to install software from unknown sources, the infection process begins. Like other Android malware, TeaBot attempts to leverage Accessibility Services. Such attacks use an advanced remote access feature that abuses the TeamViewer application – a remote access and desktop sharing tool – giving the bad actor behind the malware remote control over the victim’s device.

What Happens When TeaBot Is Installed?

Once the user agrees to download and run the fake “update”, TeaBot begins its installation by requesting Accessibility Services permissions, which give it the privileges it needs:

  • View and control screen: used to harvest sensitive information such as login credentials, SMS messages, and 2FA codes from the device’s screen.
  • View and perform actions: used to accept further permission prompts on the malware’s behalf immediately after installation, and to perform malicious actions on the infected device.

TeaBot - QR Code Scanner Addon. Image Courtesy: cleafy.com

How Can TeaBot Be Stopped?

It is highly recommended to research software before downloading, installing, or purchasing it, and to use only official and verified download channels.

It is just as important to activate and update programs only through the tools and functions provided by their legitimate developers. To avoid infecting the device via spam mail, avoid opening dubious or irrelevant emails – especially any links or attachments they contain.

It is paramount to have a reputable anti-virus/anti-spyware suite installed and kept up to date, and to use it for regular system scans so that detected threats are removed promptly.

Cross-check the following:

  1. Uninstall potentially unwanted and/or malicious applications.
  2. Check the battery usage of individual applications – this is best done after booting the phone into safe mode.
  3. Check the data usage of various applications – Settings -> Connections -> Data Usage -> Mobile Data Usage / Wi-Fi Data Usage.
  4. Keep OS & apps up to date.
  5. Disable applications that have administrator privileges.
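Item 5 above and the Accessibility Services section earlier describe the two permission classes a TeaBot-style dropper relies on, so they are the ones worth auditing on a device you suspect. The script below is an added example, not code from the article or from Cleafy's report: it parses the raw value Android returns for `adb shell settings get secure enabled_accessibility_services` (a colon-separated list of `package/ServiceClass` component names) and flags any service not on an allow-list. The `SAMPLE_ENABLED` string is constructed stand-in output so the script runs offline, and the `com.example.qrscanner` package is made up; the TalkBack component name and the `adb` commands it prints are real.

```shell
#!/bin/sh
# Added example, not from the article or the Cleafy report.
# Audits which apps hold the Accessibility Service binding that TeaBot-style
# droppers request. On a real device the raw value comes from:
#   adb shell settings get secure enabled_accessibility_services
# which returns a colon-separated list of pkg/ServiceClass component names.
# SAMPLE_ENABLED is a CONSTRUCTED stand-in for that output so the script
# runs offline; the com.example.qrscanner package is made up.

SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.qrscanner/com.example.qrscanner.AccService'

# Allow-list of services expected on the device (assumption: the stock screen
# reader only). Anything else is a candidate for review or removal.
ALLOWED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService'

# unexpected_a11y RAW ALLOWLIST
# Prints the package name of every enabled accessibility service that is not
# on the allow-list, one per line. Empty output means nothing unexpected.
unexpected_a11y() {
    raw=$1
    allow=$2
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        case ":$allow:" in
            *":$svc:"*) ;;                      # expected service, skip
            *) printf '%s\n' "${svc%%/*}" ;;    # owning package of the component
        esac
    done
}

# Stand-alone usage: list what a defender should review, together with the
# adb commands that inspect the package and remove it from the device.
for pkg in $(unexpected_a11y "$SAMPLE_ENABLED" "$ALLOWED"); do
    echo "review: $pkg holds an enabled accessibility service"
    echo "  inspect: adb shell dumpsys package $pkg"
    echo "  remove : adb uninstall $pkg"
done
```

To run it against a real handset, replace `SAMPLE_ENABLED` with the output of the `adb shell settings get secure ...` command and extend `ALLOWED` with any accessibility services your users legitimately rely on; a legitimate QR or barcode scanner has no reason to appear in that list at all.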