
    A New Malware That Steals Victims' Credentials


    TeaBot Malware

    A new and modern Android banking trojan, known as TeaBot, was found and analyzed by Cleafy. TeaBot steals the victim's credentials and SMS messages to enable fraud scenarios against a predefined list of banks.

    Features of TeaBot:

    TeaBot has the following capabilities:

    • Ability to perform overlay attacks against multiple banking applications to steal login credentials and credit card information
    • Ability to send / intercept / hide SMS messages
    • Keylogging functionality
    • Ability to steal Google Authenticator codes
    • Ability to obtain full remote control of an Android device (via Accessibility Services and real-time screen-sharing)

    TeaBot – In-depth Analysis

    TeaBot was initially named "TeaTV", but the app name was recently changed to "VLC MediaPlayer", "Mobdro", "DHL", "UPS" and "bpost".

    The main permissions requested by TeaBot allow it to:

    • Send / intercept SMS messages
    • Read the phone book and phone state
    • Use device-supported biometric modalities
    • Modify audio settings (e.g. to mute the device)
    • Show a popup on top of all other apps (used during the installation phase to force the user to accept the accessibility service permissions)
    • Delete an installed application
    • Abuse Android Accessibility Services
    Figure: List of permissions declared in the AndroidManifest.xml
    Figure: Main app icons used by TeaBot
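    The permission set above is the kind of thing an analyst checks first when triaging a suspicious APK. The following is an added example written for this page (not Cleafy's tooling and not TeaBot's code) that parses a decoded AndroidManifest.xml and flags the banker-style combination of overlay, accessibility-service and SMS capabilities. The mapping from the behaviours listed in the article to concrete Android permission names, the accessibility-service declaration pattern, and both sample manifests are assumptions constructed for the example; the article only describes the behaviours.

```python
"""Manifest triage heuristic (added example, not the malware's or Cleafy's code)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the behaviours described in the article to the
# Android permissions an app would have to declare to get them.
CAPABILITIES = {
    "sms_control": {"android.permission.SEND_SMS",
                    "android.permission.RECEIVE_SMS",
                    "android.permission.READ_SMS"},
    "contacts_phone_state": {"android.permission.READ_CONTACTS",
                             "android.permission.READ_PHONE_STATE"},
    "biometrics": {"android.permission.USE_BIOMETRIC",
                   "android.permission.USE_FINGERPRINT"},
    "audio_mute": {"android.permission.MODIFY_AUDIO_SETTINGS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "uninstall": {"android.permission.REQUEST_DELETE_PACKAGES"},
}


def parse_manifest(xml_text):
    """Return (declared permissions, declares_accessibility_service)."""
    root = ET.fromstring(xml_text)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    perms.discard(None)
    accessibility = False
    for svc in root.iter("service"):
        # An accessibility service is bound with BIND_ACCESSIBILITY_SERVICE and
        # registers the AccessibilityService intent action; either is a strong hint.
        if svc.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            accessibility = True
        for action in svc.iter("action"):
            if action.get(ANDROID_NS + "name") == "android.accessibilityservice.AccessibilityService":
                accessibility = True
    return perms, accessibility


def triage(xml_text):
    """Score a manifest: which capability buckets it hits, and whether the
    overlay + accessibility + SMS trio (the banker signature) co-occurs."""
    perms, accessibility = parse_manifest(xml_text)
    hits = {cap for cap, names in CAPABILITIES.items() if perms & names}
    if accessibility:
        hits.add("accessibility_service")
    banker_like = {"overlay", "accessibility_service", "sms_control"} <= hits
    return {"capabilities": sorted(hits), "banker_like": banker_like}


# Constructed sample manifests (hypothetical package names, not real apps).
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
  <application>
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.realplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <application/>
</manifest>"""


if __name__ == "__main__":
    print(triage(SUSPICIOUS_MANIFEST))
    print(triage(BENIGN_MANIFEST))
```

    Note that a media player legitimately asks for audio control, so a single bucket is not a verdict; the heuristic only flags when the three capabilities that make overlay phishing plus OTP theft possible are present together, which is the pattern the article describes.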

    TeaBot main features

    The main features observed during the analysis of the banker are the following.

    TeaBot sends the list of installed apps to verify whether the infected device has one or more targeted apps already installed. When TeaBot finds one of them, it downloads the specific payload to perform overlay attacks and starts monitoring all the activity performed by the user on the targeted app. That information is sent back to the assigned C2 every 10 seconds.
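    A fixed 10-second reporting interval is a detectable property on the network side. The following is an added example (not from the article and not Cleafy's tooling) of a periodic-beacon detector run over constructed connection-log lines: it groups connections per source/destination pair and flags pairs whose inter-arrival gaps are nearly constant. The log format, hosts and thresholds are assumptions made for the example; the only fact taken from the article is the 10-second cadence.

```python
"""Periodic beacon detector over connection-log lines (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def parse_line(line):
    """Assumed log format: '<ISO-8601 UTC timestamp> <src> -> <dst:port>'."""
    ts, src, _, dst = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst


def find_beacons(lines, min_connections=6, max_jitter=0.25):
    """Return {(src, dst): period_seconds} for flows whose inter-arrival
    gaps are nearly constant. max_jitter bounds the coefficient of
    variation (stdev / mean) of the gaps; interactive traffic is far above it."""
    flows = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        t, src, dst = parse_line(line)
        flows[(src, dst)].append(t)

    beacons = {}
    for key, times in flows.items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m <= 0:
            continue
        if pstdev(gaps) / m <= max_jitter:
            beacons[key] = round(m, 1)
    return beacons


# Constructed sample: one host checking in to a C2 roughly every 10 s
# (with a second of jitter), one host browsing at irregular intervals, and
# one pair with too few connections to evaluate. Addresses are documentation ranges.
SAMPLE_LOG = """2021-05-10T10:00:00Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:10Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:19Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:30Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:40Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:51Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:01:00Z 10.0.0.5 -> 203.0.113.7:443
2021-05-10T10:00:00Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:00:03Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:00:45Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:00:47Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:02:00Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:02:01Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:05:00Z 10.0.0.9 -> 198.51.100.20:443
2021-05-10T10:00:00Z 10.0.0.5 -> 192.0.2.1:80
2021-05-10T10:00:10Z 10.0.0.5 -> 192.0.2.1:80
"""


if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}: beacon every ~{period}s")
```

    In production the same logic runs over flow records or proxy logs for the mobile network segment; the short period makes this family stand out even with jitter, and the destination can then be matched against the "start_client" IP/port the article says the C2 sends for screen streaming.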


    One of the particularities of TeaBot is its capability of taking screenshots to constantly monitor the screen of the compromised device. When the C2 sends the "start_client" command with an IP address and port, it starts requesting the images, and TeaBot begins a loop in which it creates a "Virtual Display" for taking screenshots.

    Overlay attack:

    A malicious application/user is somehow able to perform actions on behalf of the victim. This usually takes the form of an imitation app or a WebView launched "on top" of a legitimate application (such as a banking app).

    Figure: Geographical distribution of banks currently targeted by TeaBot

    Be aware of the situation and take the necessary steps to safeguard your environment!
