TeaBot: a new Android malware emerged in Italy, targets banks in Europe.
At the beginning of January 2021, a new Android banker started appearing and it was discovered and analysed by our Threat Intelligence and Incident Response (TIR) team.
Since lack of information and the absence of a proper nomenclature of this Android banker family, we decide to dub it as TeaBot to better track this family inside our internal Threat Intelligence taxonomy.
TeaBot appears to have all the main features of nowadays Android bankers achieved by abusing Accessibility Services such as:
Ability to perform Overlay Attacks against multiple banks applications to steal login credentials and credit card information
Ability to send / intercept / hide SMS messages
Enabling key logging functionalities
Ability to steal Google Authentication codes
https://www.cleafy.com/documents/teabot
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
