According to Bitdefender’s latest report, there is a new threat for Android users. Its threat analysis found that threat actors are distributing new malicious Android apps that imitate popular apps but are infected with banker trojans such as TeaBot and Flubot.
The TeaBot trojan can use Android Accessibility Services to perform overlay attacks, intercept messages, execute different keylogging operations, steal Google Authentication codes, and even take full remote control of Android devices.
Hackers replicate popular apps in the hopes of misleading some Android users into downloading and installing their malicious versions. According to the researcher, fraudulent apps with the TeaBot payload are modelled on prominent apps in Google Play, with some having as many as 50 million downloads.
According to the research report, hackers have also distributed TeaBot through a fake Ad Blocker app that works as a dropper for the malware.
The report states: “The fake Ad Blocker apps don’t have any of the functionality of the original version. They ask permission to display over other applications, show notifications, and install applications outside of Google Play, after which they hide the icon.”
Aside from that, a trojan known as Flubot has been discovered. This is more common abroad, particularly in Germany, Spain, Italy, and the United Kingdom.
Unlike TeaBot, which is sometimes delivered by a dropper app posing as an ad blocker, Flubot’s operators run a far more direct campaign, sending spam SMS.
Flubot is believed to steal banking, contact, SMS, and other private data from infected devices, and it has an arsenal of other commands, including the capability to send SMS.
According to the research, Android users can mitigate the threats by never installing apps from sources other than the official store. It also recommends that you never click on links in messages and that you always check the permissions of your Android apps.
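
The permission check recommended above can be scripted. The following is an added example, not code from Bitdefender's report: it flags apps whose requested permissions match the behaviour the report quotes (display over other applications plus installing applications outside Google Play) or include SMS access. It assumes permission listings in the `uses-permission: name='...'` format printed by `aapt dump permissions`; the package names and sample listings are constructed, and the risk labels are this example's own.

```python
import re

# Android permissions behind the behaviour quoted from the report.
FLAGS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "display over other apps (overlay)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install apps outside Google Play",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS",
}
# Overlay plus sideloading is the dropper combination described in the quote.
DROPPER_PAIR = {"android.permission.SYSTEM_ALERT_WINDOW",
                "android.permission.REQUEST_INSTALL_PACKAGES"}
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?: name='([^']+)'")

def parse_permissions(dump):
    """Return the set of permission names found in a permission listing."""
    found = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found

def audit(dump):
    """Classify one app: 'high' if overlay and sideload are both requested."""
    perms = parse_permissions(dump)
    hits = sorted(p for p in perms if p in FLAGS)
    if DROPPER_PAIR <= perms:
        risk = "high"
    elif hits:
        risk = "review"
    else:
        risk = "none"
    return {"risk": risk, "reasons": [FLAGS[p] for p in hits]}

# Constructed sample listings (not taken from any real app).
FAKE_AD_BLOCKER = """package: com.example.adblock
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
"""
FLASHLIGHT = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECEIVE_SMS'
"""

if __name__ == "__main__":
    for name, dump in (("adblock", FAKE_AD_BLOCKER), ("flashlight", FLASHLIGHT)):
        print(name, audit(dump))
```

A "review" result is a prompt to ask whether the app's stated purpose justifies the permission, not proof of infection.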