TeaBot malware is in the early stages of development yet, so far, it has targeted 60 banks all over Europe.
The Threat Intelligence and Incident Response (TIR) team at Italy, Milan-based online fraud prevention firm Cleafy’s has discovered a new Android malware that is targeting unsuspected users across Europe since January 2021.
Dubbed TeaBot by researchers; the malware is in the early stages of development yet equipped with capabilities like remotely taking full control of a targeted device, steal login credentials, send and intercept SMS messages for additional scams including extracting banking data.
So far, Cleafy’s threat research team has identified more than 60 banks targeted by TeaBot malware in European countries like Italy, Spain, Germany, Belgium, and the Netherlands. The malware supports 6 different languages German, English, Italian, French, Spanish, and Dutch.
Watch out: New Android malware spreads through WhatsApp
Other capabilities of this malware let its operators delete existing apps from the device, change audio settings such as muting the device, read its phone book, read the ‘phone state’ meaning attackers can identify the victim’s phone number, the status of ongoing calls, current cellular network information, etc.
Furthermore, TeaBot malware constantly takes screenshots of the compromised device and abuses Android Accessibility Services by showing up a popup that forces victims to accept the accessibility service permissions. This lets the malware act as a keylogger and tracks everything victim does on their phone.
