Saturday, March 5, 2022

WARNING QR Code Scanner: Add-On on Andriod

 TeaBot, posing as “QR Code Scanner: Add-On”, is downloaded from two specific GitHub repositories created by the user feleanicusor. It has been verified that those repositories contained multiple TeaBot samples starting from Feb 17, 2022:


As reported at TeaBot is now spreading across the globe | Cleafy Labs

Background and key points

TeaBot is an Android banking trojan emerged at the beginning of 2021 designed for
 stealing victim’s credentials and SMS messages

TeaBot RAT capabilities are achieved via the device screen’s live streaming 
(requested on-demand) plus the abuse of Accessibility Services for remote
interaction and key-logging. This enables Threat Actors (TAs) to perform ATO
 (Account Takeover) directly from the compromised phone, also known as 
“On-device fraud”
.
Initially TeaBot has been distributed through smishing campaigns using a 
predefined list of lures, such as TeaTV, VLC Media Player, DHL and UPS
 and others.
Recent samples show how TAs are evolving their side-loading techniques,
including the distribution of applications on the official Google Play Store, 
also known as “dropper applications”.

In the last months, we detected a major increase of targets which now count 
more than 400 applications, including banks, crypto exchanges/wallets and 
digital insurance, and new countries such as Russia, Hong Kong, and the US 


See the full report Here