According to their report, cybercriminals are offering new malicious Android applications that impersonate popular apps but are infected with TeaBot and Flubot that are from banker trojan families.
The Teabot trojan can carry out overlay attacks via Android Accessibility Services, intercept messages, perform various keylogging activities, steal Google Authentication codes, and even take full remote control of Android devices.
Hackers imitate top-rated apps with the hopes of tricking at least some users into downloading and installing their malicious versions. The researcher claims that fake apps housing the Teabot payload are based on popular apps residing on Google Play, some with as many as 50 million downloads.
The report also found that hackers have also been spreading Teabot using a fake Ad Blocker app that acts as a dropper for the malware.
“The fake Ad Blocker apps don’t have any of the functionality of the original version. They ask permission to display over other applications, show notifications, and install applications outside of Google Play, after which they hide the icon,” said the report.
Besides this, the other trojan that has been spotted is called Flubot. This is more widespread internationally, predominantly in Germany, Spain, Italy and the UK.
Unlike Teabot, which is sometimes dropped by an app posing as an ad blocker, Flubot operators have a much more direct campaign, using criminals android users install versions popular
