Criminals spread malware by getting Android users to install fake versions of popular apps

Cybersecurity company Bitdefender points out that one of the things that separates the Google Play Store from the App Store is also an issue for Android users. While both Apple and Google collect up to 30% of the in-app sales that are processed through their respective in-app payment platforms, iOS users are forced to make their in-app purchases through Apple, as Apple prevents developers from offering an alternative payment platform.
Epic offered its customers an alternative payment platform in violation of Apple’s rules. Because of this, Epic’s big hit game Fortnite was kicked off the App Store.

TeaBot malware can take full control of Android devices

In contrast to App Store customers, Android users are technically not forced to make in-app purchases via Google. That’s because the Play Store isn’t a walled garden like the App Store, and Google allows Android users to download apps from third-party app stores. However, by tricking Android users into using such third-party app stores, criminals persuade them to install apps that most likely have not been properly scanned, leading to the spread of malware.

Bitdefender cites two new banker trojan malware programs called TeaBot and Flubot that trick Android users into installing what they think are legitimate apps from popular and well-known brands, but they turn out to be malware-infested. Bitdefender recently found five new malicious Android apps that contain the TeaBot Trojan and that mimic legitimate Android apps that are popular, with at least one app installed over 50 million times.

The cybersecurity company discovered that TeaBot is being spread through fake ad blocker apps. The fake apps ask for permission to view other apps, view notifications, and install apps outside of the Play Store. Once these apps are installed, their icons are hidden.

Make no mistake, TeaBot has the potential to do serious damage, including “overlay attacks via Android Accessibility Services, intercepting messages, performing various keylogging activities, stealing Google authentication codes, and even completely remote control of Android devices”.

While TeaBot is being dropped by an app pretending to be an ad blocker, Flubot is spread through SMS spam and, according to Bitdefender, “it steals banking, contacts, SMS and other types of private information from infected devices while offering an arsenal of other available commands, including the ability to send an SMS with content provided by the CnC.”

Flubot imitates shipping apps such as DHL Express Mobile, with over 1 million installations from the Google Play Store, FedEx, with over 5 million Android installations, and Correos, with over 500,000 downloads.

There is a way to keep this malware from infecting your phone. Bitdefender recommends that you never sideload apps on your device. In other words, stick to the App Store and Google Play Store when installing apps for your iOS or Android devices. Also, you should never tap any links in messages and “always remember the permissions of your Android apps”.

Flubot is spread through SMS spam

The fake apps that contain the TeaBot payload are designed to look like the real ones, although some of them have small changes in their label name and icon. For example, the real version of the Pluto TV streaming app has a label that says “Pluto TV – It’s Free TV”. The fake and infected version of the app has no space between Pluto and TV and is called “PlutoTV”.

Almost 93% of the fake apps that try to distribute TeaBot come from an app called MediaPlayer that tries to mimic one of the most popular titles on the Google Play Store, VLC. The latter is a “free and open source cross-platform multimedia player” with over 100 million installations. Notice the huge difference in icon between the clean and infected versions of the app.
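As a defender's check for the lookalike labels and permission requests described above, the following added example (not code from Bitdefender or from this article) audits an app inventory for sideloaded apps that imitate a known label or request all three permissions the fake ad blockers ask for. A name like “MediaPlayer” does not resemble “VLC”, so the permission rule is what covers that case. The inventory format, the package names and the mapping of the article's permission descriptions to Android permission names are assumptions.

```python
import re
from difflib import SequenceMatcher

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
# Genuine labels named in the article; extend with the brands you care about.
KNOWN_LABELS = ["Pluto TV – It’s Free TV", "VLC"]
# Assumed Android names (android.permission. prefix omitted) for the three requests.
RISKY = {"SYSTEM_ALERT_WINDOW", "BIND_NOTIFICATION_LISTENER_SERVICE",
         "REQUEST_INSTALL_PACKAGES"}

def norm(label):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", label.lower())

def imitated_brand(label):
    """Return the genuine label this one matches or closely resembles, else None."""
    n = norm(label)
    for real in KNOWN_LABELS:
        r = norm(real)
        if (n == r or (len(n) >= 5 and r.startswith(n))
                or SequenceMatcher(None, n, r).ratio() >= 0.85):
            return real
    return None

def audit(apps):
    """Return {package: [reasons]} for apps installed from outside Google Play."""
    findings = {}
    for app in apps:
        if app["installer"] == PLAY_STORE:
            continue  # installed through the Play Store
        reasons = []
        brand = imitated_brand(app["label"])
        if brand:
            reasons.append(f"label imitates '{brand}'")
        if RISKY <= set(app["permissions"]):
            reasons.append("requests overlay + notification access + app install")
        if reasons:
            findings[app["package"]] = reasons
    return findings

# Constructed inventory; package names are placeholders, not real indicators.
SAMPLE = [
    {"package": "example.genuine.pluto", "label": "Pluto TV – It’s Free TV", "installer": PLAY_STORE, "permissions": ["INTERNET"]},
    {"package": "example.fake.pluto", "label": "PlutoTV", "installer": None, "permissions": ["INTERNET"]},
    {"package": "example.fake.adblock", "label": "Ad Blocker", "installer": None, "permissions": sorted(RISKY)},
    {"package": "example.sideloaded.notes", "label": "Notes", "installer": None, "permissions": ["INTERNET"]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```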

79.5% of TeaBot malware was found in Spain, with 11.18% in Italy and 4.6% in the Netherlands.

