A new malware strain, dubbed the TeaBot Trojan, is targeting bank accounts across Europe. The malware can steal victims’ credentials and SMS messages as well as livestream device screens on demand.
Security investigators found evidence that TeaBot first targeted banks in Spain as early as January 2021 and also targeted German banks in March. The malicious code has since spread to Italy and Belgium.
Once the TeaBot Trojan is installed, the code requests Android permissions to observe the user’s actions. This includes activities like retrieving window content and performing arbitrary gestures. When the permissions are granted, the app proceeds to remove its icon from the device. The main purpose of TeaBot is to exfiltrate data and to provide sensitive financial data to hackers.
Looking at this latest threat for Digital Journal is Sam Bakken, Senior Product Marketing Manager, OneSpan.
Bakken notes that the novel threat is a growing concern: “While taking advantage of Android Accessibility Services for financial gain is not a new tactic, its prevalence is increasing.”
This is a consequence of an expansion of digital financial services: “More people are engaging often with mobile financial services, making attacking mobile banking apps a lucrative return on investment.”
An inherent weakness with many offerings makes things more precarious for service users, according to Bakken: “In many cases, these mobile overlay schemes are sold as a service so that even less-skilled criminals can take advantage of already developed technology. I suspect this is only the beginning of the wave, and attackers will continue to roll out overlay attacks on Android devices as long as they are successful.”
Things do not need to be bleak, according to Bakken: “Luckily, there is something mobile financial services app developers can do to protect their users, apps and businesses — protect their apps with mobile app shielding.”
Furthermore, Bakken notes, there are other protective measures that need to be put into place: “Mobile app shielding is security that travels along with the app to protect it even on compromised devices that have granted Accessibility Services access to a malicious app. Mobile app shielding detects tampering or abuse of Android Accessibility Services and shuts down the interference before attackers can steal credentials and drain an account.”