Security researchers have discovered a new Android banking malware called TeaBot. They say the new trojan can steal users' bank credentials and use them to take their funds.

A New Android Banking Malware Targets User Bank Credentials: Here's How TeaBot Works

According to the cybersecurity researchers involved, the new Android banking malware was disclosed on Monday, May 10. They explained that hackers can use this new trojan to hijack users' credentials and SMS messages.

Once the cybercriminals successfully do this, they can conduct malicious activities against banks in Germany, Italy, Belgium, the Netherlands, and Spain. Aside from this, the security experts claimed that the new TeaBot malware is still in its early stages of development.

This means that the trojan virus could be more dangerous if it is not neutralized as soon as possible.

The hackers behind the new malware started to conduct malicious activities back in late March. After that, in the first week of May, they attacked some of the financial apps of banks in Belgium and the Netherlands.

How TeaBot Malware Works 

According to The Hacker News' latest report, the new trojan was first spotted back in January.


"The main goal of TeaBot is stealing victim's credentials and SMS messages for enabling fraud scenarios against a predefined list of banks," said Cleafy, an Italian cybersecurity and online fraud prevention firm.

"Once TeaBot is successfully installed in the victim's device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services," the security company added. 

Aside from this, the security firm Cleafy also confirmed that the rogue Android malware disguises itself as package delivery and media services. These include TeaTV, DHL, UPS, VLC Media Player, and more.

Experts also concluded that once the hackers successfully use the new malware, they can load a second-stage payload and force their victims to provide bank account permissions.

Other Details of the New Malware

Cleafy's official website also provided the exact methods used by the new malware. Here are some of them: 

  • The malicious application acts as a dropper and dynamically loads a 2nd stage (.dex) where all the malicious code resides
  • Network communications are partially encrypted using the XOR algorithm
  • Usage of "Junk Code"
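For defenders, the traits described above (SMS access, an Accessibility Service, and a well-known brand name on an unrelated package) can be checked in an app's decoded manifest before it is allowed on a device. The following is an added example, not code from Cleafy or from the article; the finding names, the `official_packages` allowlist and both sample manifests are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
LURES = {"teatv", "dhl", "ups", "vlc"}  # brand names listed in the article

def triage(manifest_xml, official_packages=frozenset()):
    """Return sorted findings for one decoded AndroidManifest.xml (text XML)."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    if perms & SMS_PERMS:
        findings.add("sms-access")
    # An accessibility service is declared as a <service> guarded by this permission.
    if any(s.get(ANDROID + "permission") == A11Y_BIND for s in root.iter("service")):
        findings.add("accessibility-service")
    # Assumes a literal label; resolve "@string/..." references before calling.
    app = root.find("application")
    label = app.get(ANDROID + "label", "") if app is not None else ""
    words = set(re.findall(r"[a-z0-9]+", label.lower()))
    if words & LURES and root.get("package") not in official_packages:
        findings.add("brand-label-unrecognised-package")
    if {"sms-access", "accessibility-service"} <= findings:
        findings.add("high-risk-sms-plus-accessibility")
    return sorted(findings)

# Constructed samples (not taken from any real application).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.player">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="VLC MediaPlayer">
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.videolan.vlc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="VLC"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SUSPECT))
    print(triage(BENIGN, official_packages={"org.videolan.vlc"}))
```

A manifest check of this kind does not see the dynamically loaded second-stage .dex, so it is a first filter rather than a verdict.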


This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.