TeaBot malware can take full control of Android devices
In contrast to App Store customers, Android users are technically not forced to make in-app purchases via Google. That’s because the Play Store isn’t a walled garden like the App Store, and Google allows Android users to download apps from a third-party app store. However, by tricking Android users into using such third-party app stores, attackers persuade them to install apps that most likely have not been properly scanned, leading to the spread of malware.
Fake Ad Blocker App helps spread the TeaBot malware
Bitdefender cites two new banker trojan malware programs called TeaBot and Flubot that trick Android users into installing what they think are legitimate apps from popular and well-known brands, but they turn out to be malware-infested. Bitdefender recently found five new malicious Android apps that contain the TeaBot Trojan and that mimic legitimate Android apps that are popular, with at least one app installed over 50 million times.
The cybersecurity company discovered that the infected TeaBot apps are using fake ad blocker apps to spread malware. The fake apps ask for permission to view other apps, view notifications, and install apps outside of the Play Store. Once these apps are installed, their icons will be hidden.
Make no mistake, TeaBot has the potential to do serious damage, including “overlay attacks via Android Accessibility Services, intercepting messages, performing various keylogging activities, stealing Google authentication codes, and even completely remote control of Android devices”.
Flubot imitates shipping apps such as DHL Express Mobile with over 1 million installations from the Google Play Store, FedEx with over 5 million Android installations and Correos with over 500,000 downloads.
Flubot mimics shipping apps like FedEx and DHL
There is a way to keep this malware from infecting your phone. Bitdefender recommends that you never sideload apps on your device. In other words, stick to the App Store and Google Play Store when installing apps for your iOS or Android devices. Also, you should never tap any links in messages and “always remember the permissions of your Android apps”.
Flubot is spread through SMS spam
The fake apps that contain the TeaBot payload are designed to look like the real ones, although some of them have small changes in their label name and icon. For example, the real version of the Pluto TV streaming TV app has a label that says “Pluto TV – It’s Free TV”. The fake and infected version of the app has no space between Pluto and TV and is called “PlutoTV”.
Make sure you don’t have the infected version of these apps on your phone
Almost 93% of the fake apps that try to distribute TeaBot come from an app called MediaPlayer that tries to mimic one of the most popular titles on the Google Play Store, VLC. The latter is a “free and open source cross-platform multimedia player” with over 100 million installations. Notice the huge difference in icon between the clean and infected versions of the app.
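The permission requests and label differences described above can be checked against an inventory of installed apps. The Python script below is an added example, not Bitdefender's tooling; the mapping of the described permissions to manifest strings, the brand-to-package table and the sample inventory (including the com.example.* package names) are assumptions constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
P = "android.permission."
# Assumed mapping of the permissions the article describes to manifest strings.
RISKY = {
    P + "SYSTEM_ALERT_WINDOW",                 # display over other apps
    P + "BIND_NOTIFICATION_LISTENER_SERVICE",  # read notifications
    P + "REQUEST_INSTALL_PACKAGES",            # install outside the Play Store
    P + "BIND_ACCESSIBILITY_SERVICE",          # Accessibility Services
}
# Brand keyword -> package expected to own it (assumption; verify on the store listing).
BRANDS = {"plutotv": "tv.pluto.android", "vlc": "org.videolan.vlc"}

def normalize(label):
    """Lower-case and keep only letters and digits, so 'Pluto TV' equals 'PlutoTV'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())

def assess(app):
    """Return the reasons an inventory entry deserves a manual look."""
    reasons = []
    if app["installer"] != PLAY_STORE:
        reasons.append("sideloaded")
    hits = RISKY & set(app["permissions"])
    if len(hits) >= 2:  # one alone is common; a combination is the pattern described
        names = sorted(p.rsplit(".", 1)[1] for p in hits)
        reasons.append("risky permissions: " + ", ".join(names))
    norm = normalize(app["label"])
    for brand, package in BRANDS.items():
        if brand in norm and app["package"] != package:
            reasons.append(f"label imitates {brand} but package is not {package}")
    return reasons

def review(inventory):
    return {a["package"]: assess(a) for a in inventory if assess(a)}

# Constructed inventory; the two com.example.* entries are placeholders.
INVENTORY = [
    {"package": "tv.pluto.android", "label": "Pluto TV – It’s Free TV",
     "installer": PLAY_STORE, "permissions": [P + "INTERNET"]},
    {"package": "com.example.fake1", "label": "PlutoTV", "installer": None,
     "permissions": [P + "SYSTEM_ALERT_WINDOW", P + "REQUEST_INSTALL_PACKAGES",
                     P + "BIND_NOTIFICATION_LISTENER_SERVICE"]},
    {"package": "com.example.fake2", "label": "MediaPlayer", "installer": None,
     "permissions": [P + "REQUEST_INSTALL_PACKAGES", P + "BIND_ACCESSIBILITY_SERVICE"]},
]

if __name__ == "__main__":
    print(review(INVENTORY))
```

The label check catches the “PlutoTV” case, while an app such as MediaPlayer that imitates only an icon is caught by the installer and permission checks.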
79.5% of TeaBot malware was found in Spain, with 11.18% in Italy and 4.6% in the Netherlands.