TeaBot malware, also known as Toddler or Anatsa, is increasingly targeting countries in Europe, including the United Kingdom, France, Belgium, Australia, Germany, Switzerland, and the Netherlands, according to Prodaft researchers.
The malware is still in development, according to the Prodaft Threat Intelligence team, but it has already infected over 7,000 devices.
The mobile trojan targeted customers of 60 European banks in an attempt to steal their banking credentials. The targeted mobile apps belong to financial organizations including Belfius, BEO Bank, and FinecoBank, among others.
Although the trojan has yet to be found on Google Play, researchers have discovered various legitimate websites that were hacked in order to host and propagate the malware. After infecting a device, the malware downloads fake login pages from its C2; these are clones of the banking apps the victim uses and are superimposed on top of the real banking application on the victim’s screen. The malware can also steal data (including cryptocurrency wallet information), grab screenshots, intercept 2FA codes and SMS, and conduct keylogging.
TeaBot malware operators are skilled at impersonating banking and other popular apps. Its use of sophisticated methods, such as targeting crypto wallets and abusing Accessibility Services, makes it a severe threat.
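Because the trojan arrives from outside Google Play and relies on Accessibility Services, one defensive check is to list which packages hold an enabled accessibility service and flag those that were neither preinstalled nor installed by a trusted store. The following is an added example, not code from Prodaft or the original article; it parses saved output of `settings get secure enabled_accessibility_services`, `pm list packages -i` and `pm list packages -s`, and the function names, trusted-installer list and sample data are assumptions.

```python
import re

# Installers treated as trusted app stores (assumption; set per fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

def accessibility_packages(setting):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    # Value is a colon-separated list of package/ServiceClass components.
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def installers(listing):
    """Map package -> installer from `pm list packages -i` (None if unset)."""
    found = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def system_packages(listing):
    """Preinstalled packages from `pm list packages -s`."""
    return {l.strip()[len("package:"):] for l in listing.splitlines()
            if l.strip().startswith("package:")}

def flag_untrusted_accessibility(setting, installer_listing, system_listing):
    """Accessibility-enabled packages that are neither preinstalled nor store-installed."""
    source = installers(installer_listing)
    preinstalled = system_packages(system_listing)
    return sorted(p for p in accessibility_packages(setting)
                  if p not in preinstalled and source.get(p) not in TRUSTED_INSTALLERS)

# Constructed sample output; package names are illustrative, not TeaBot indicators.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.mediaplayer/.HelperService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mediaplayer  installer=null
package:com.android.settings  installer=null
"""
SAMPLE_SYSTEM = "package:com.android.settings\n"

if __name__ == "__main__":
    print(flag_untrusted_accessibility(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM))
```

A flagged package is a lead for review rather than a verdict, since legitimately sideloaded accessibility tools will also appear.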