Thousands of people have downloaded this data-stealing Android app

David Artykov
Published in Purple Team
2 min read · Mar 4, 2022


Retrieved from pplware.sapo.pt

In an effort to steal login credentials and two-factor authentication codes, cybercriminals managed to hide a banking Trojan on the Google Play Store, potentially compromising thousands of devices. The TeaBot banking trojan, also known as Anatsa or Toddler, was found being delivered as a second-stage payload from a seemingly legitimate app, according to a recent analysis from security firm Cleafy.

TeaBot was delivered as an update to a fully functional, non-malicious app called “QR Code & Barcode — Scanner.” The app does what it claims to do — it scans barcodes and QR codes correctly — and as a result it had collected plenty of favorable reviews on the Play Store.

QR Code & Barcode — Scanner

However, once installed, the scanner app asks the user for permission to download and install a second app called “QR Code Scanner: Add-On,” which Cleafy found to contain “many TeaBot samples.” Before it was identified for what it really was and removed from the store, the dropper app had over 10,000 downloads.

When the victim installs the “add-on,” TeaBot requests permission to view and control the device’s screen, and if the user grants it, the trojan uses that access…
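The pattern described above leaves two traces an analyst can check for on a device: a package that was installed by another app rather than by the Play Store, and a package that has an accessibility service enabled (the mechanism Android uses to let an app view and control the screen). The following triage script is an added example, not code from the article or from Cleafy. It parses constructed samples of two real adb commands, `settings get secure enabled_accessibility_services` and `pm list packages -i`, and flags packages that have an enabled accessibility service but did not come from a trusted installer. All package and service names in the samples are hypothetical.

```python
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`,
# a colon-separated list of package/service pairs. Names are hypothetical.
SAMPLE_ENABLED_A11Y = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.qraddon/com.example.qraddon.ScreenService"
)

# Constructed sample of `adb shell pm list packages -i` (package plus installer).
# Note the hypothetical add-on was installed by the hypothetical scanner app,
# which is the dropper pattern described in the article.
SAMPLE_PM_LIST = """\
package:com.android.talkback  installer=com.android.vending
package:com.example.qrscanner  installer=com.android.vending
package:com.example.qraddon  installer=com.example.qrscanner
package:com.android.settings  installer=null
"""

# Play Store only; extend this for an enterprise MDM or OEM app store.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_enabled_a11y(value):
    """Map package name -> set of enabled accessibility service class names."""
    services = {}
    for entry in value.split(":"):
        if not entry.strip():
            continue
        pkg, _, cls = entry.partition("/")
        services.setdefault(pkg, set()).add(cls)
    return services


def parse_installers(text):
    """Map package name -> installer package (None when pm reports null)."""
    installers = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line)
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers


def flag_suspicious(a11y, installers):
    """Return {package: reason} for packages that have an enabled accessibility
    service and were not installed by a trusted installer."""
    findings = {}
    for pkg in a11y:
        inst = installers.get(pkg)
        if inst in TRUSTED_INSTALLERS:
            continue
        if inst is None:
            # Preinstalled system apps also report null, so this needs an allowlist
            # on a real device; here it is reported for the analyst to review.
            findings[pkg] = "accessibility service enabled; installer unknown (sideloaded or preinstalled)"
        else:
            findings[pkg] = f"accessibility service enabled; installed by another app ({inst})"
    return findings


if __name__ == "__main__":
    result = flag_suspicious(
        parse_enabled_a11y(SAMPLE_ENABLED_A11Y), parse_installers(SAMPLE_PM_LIST)
    )
    for pkg, reason in result.items():
        print(f"{pkg}: {reason}")
```

On a real device, replace the two sample strings with the output of the corresponding `adb shell` commands. TalkBack is not flagged because it comes from the Play Store; the hypothetical add-on is flagged because its installer is another third-party app, which is exactly the trace a dropper leaves behind.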
