TeaBot financial malware distributed via fake antivirus apps

June 17, 2021

Based on a recent report, cybersecurity researchers discovered that the TeaBot trojan spreads to and infects Android mobile devices by disguising itself as a well-known antivirus application, Kaspersky antivirus. The trojan is distributed via third-party Android app marketplaces, which are known to be high-risk since they are unofficial and do not have the security assurance and features the Google Play Store offers.


The malware is tailored to look like the legitimate Kaspersky Internet Security mobile app for Android. 

  • The fake mobile app is embedded with the TeaBot or Anatsa financial malware 
  • The installation of the fake app requires administration-level privileges and access permissions to services such as Accessibility Services
  • This permission level enables the TeaBot malware to carry out malicious actions such as stealing Google Authenticator codes, keylogging, and even exploiting the Android system to gain complete remote control of the infected device once it has been granted use of Accessibility Services.


Another cybersecurity report discloses a list of other popular applications that were mimicked, and the fake Android app campaign started to rise at the start of December 2020. The counterfeit apps observed were disguised as well-known government, fitness, reading, and financial apps spreading TeaBot and Flubot malware. The most impersonated brands include VLC media player, Mobdro, TeaTV, UPS, bpost, and DHL. Among the popular impersonated bank apps are Bankia, Bankia Wallet, Ibercaja, Openbank, BankinterMovil, BBVA Spain and Cajasur.


In conclusion, cyber threats such as the TeaBot financial trojan lure their victims into believing that they are installing legitimate and popular apps and brands.


Keep yourself protected by strictly avoiding the installation of apps downloaded from unsecured and unofficial sources such as email, download links, or third-party marketplaces that host mobile apps. Users have to be extra cautious when searching the web for versions of apps unavailable in the Google Play Store and must only install via official app marketplace channels.
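The two points above (sideloaded installs and Accessibility Services access) can be checked together on a device. The following is an added example, not taken from the cited reports: it parses the output of two standard adb commands and lists packages that hold an enabled Accessibility Service but were not installed by a trusted store. The sample output and package names are constructed, and the trusted-installer set is an assumption to adapt.

```python
# Audit: which packages have an enabled Accessibility Service, and who installed them?
# On a real device, capture the two inputs with:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store (assumption: extend as needed)

# Constructed sample outputs; all com.example.* package names are made up.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeav/com.example.fakeav.CoreService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeav  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.sideloadedgame  installer=com.android.packageinstaller
"""

def parse_accessibility(setting):
    """Return package names from the colon-separated 'package/ServiceClass' list."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def parse_installers(listing):
    """Map package name -> installer package (None when absent or 'null')."""
    installers = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers

def risky_accessibility_apps(setting, listing):
    """Packages with an enabled Accessibility Service not installed by a trusted store."""
    installers = parse_installers(listing)
    return sorted(pkg for pkg in parse_accessibility(setting)
                  if installers.get(pkg) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    for pkg in risky_accessibility_apps(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Preinstalled system apps may also report no installer, so treat the output as a list to review rather than a verdict.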

