TeaBot, a new malware that attacks Android and can affect you

From time to time, hackers hand us an unpleasant surprise in the form of a Trojan that makes us worry about our personal data. It is almost never a small virus written for a bit of publicity; they go big. The TeaBot malware is users' newest concern, because it targets bank details.

What is more worrying is the trend: so far in 2021 there has been far more malware than we would like, above the normal average. System Update, Flubot, WhatsApp Rosa and BRATA are some of those that cybersecurity researchers have discovered, and we are only in May.

This is how this banking Trojan works

To be clear and concise, it is a new malware that affects only Android and was discovered by Cleafy, a cybersecurity company. As stated in their report, TeaBot is banking malware that tries to steal victims' credentials and SMS messages in order to access their bank details.

When we click on the link that arrives in the text message, a web page very similar to MRW's opens and asks us to install an application from outside the Play Store to track our package.

Once it is installed on the victim's phone, attackers can remotely view and control the screen thanks to the accessibility permission, which allows complete control over the device. These are some of the actions it can take, although the summary is that it can control the entire phone.

  • Send and intercept SMS messages
  • Read phone status
  • Modify sound settings to silence the phone
  • Show a pop-up over other apps so that we accept permissions
  • Delete applications

On a technical level it is very similar to Flubot. TeaBot hides under the name of DHL, UPS, VLC MediaPlayer or Mobdro; that is, it impersonates other applications. Once we install it, it asks us for the accessibility permission and, once it has it, we have already fallen into the trap.
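The permission combination described above can be looked for in an app's decoded AndroidManifest.xml before it is installed. The following is an added example, not code from Cleafy's report or from this article; the mapping of the listed capabilities to Android permission names, the function name `audit_manifest`, the flagging rule and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_PERMS = {"android.permission." + p for p in ("SEND_SMS", "RECEIVE_SMS", "READ_SMS")}
# Assumed mapping of the article's capability list to Android permission names.
RISKY = {
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_SMS": "intercept SMS",
    "android.permission.READ_PHONE_STATE": "read phone status",
    "android.permission.MODIFY_AUDIO_SETTINGS": "silence the phone",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.REQUEST_DELETE_PACKAGES": "delete applications",
}

def audit_manifest(manifest_xml):
    """Summarise risky declarations in a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    services = [s.get(NS + "name") for s in root.iter("service")
                if s.get(NS + "permission") == ACCESSIBILITY]
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        "capabilities": sorted(v for k, v in RISKY.items() if k in requested),
        # Heuristic (assumption): accessibility service plus SMS access together.
        "flag": bool(services) and bool(requested & SMS_PERMS),
    }

# Constructed sample manifests, not taken from any real application.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".RemoteService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <application><service android:name=".PlaybackService"/></application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SUSPICIOUS)["flag"], audit_manifest(BENIGN)["flag"])
```

A media player or parcel tracker that declares both an accessibility service and SMS permissions deserves a closer look; a flag here is a reason to investigate, not proof of malware.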

This new banking malware can bypass Google's malware review system, called Google Play Protect, intercept the verification SMS messages sent by our bank and even access the codes of Google Authenticator two-factor authentication.

Avoid downloading Teabot, especially if you are Spanish

TeaBot is attacking all over Europe, with Spain as the main victim, followed by Germany, Italy and Belgium. The researchers say that it is in its early stages of development, so it could behave more aggressively over the next few weeks. That is more worrying than the fact that there is malware circulating.

As we mentioned, or rather as the company states, it is targeting Spain and the country's banks in particular. This makes it much easier for them to access users' bank details and accounts and do who knows what with that money.

The solutions are few if you have already clicked on that message and installed the application, beyond taking drastic measures with your bank account and contacting the bank. If you have not yet reached that situation, the fix is much simpler.

To avoid falling for this type of malware, we recommend that you do not install third-party APKs unless you are clear about their origin and how they work. In addition, do not grant accessibility permissions lightly, since attackers can completely control your device through them.


  1.   The Morelito 3000 said

    Hello, thank God, I'm Dominican and I never fall for that, you know even if I'm a victim, I realize sai