A new malware currently in circulation in our regions is violently attacking the security of your bank.
If you are using a smartphone Android, beware of this new malware designed to attack your bank account. Cleafy’s cybersecurity researchers are alerting us to its rapid spread in Europe, and in particular in Spain, Germany, Italy, Belgium and the Netherlands, where it will cause many victims. It would also be in circulation in France. Baptized Information, this malware was developed specifically to gain access to your bank account, and in particular to overcome the two-factor authentication used by many banking organizations.
This malware does not spread through infected applications on the Play Store. Rather, it uses back door ways to trick you into installing it without you even realizing it. As the Cleafy researchers note, Teabot is spreading by hiding in copies of very popular applications, such as DHL, UPS or VLC MediaPlayer. The malware spreads in particular to links sent by SMS, email or simply on the web. The goal: to have you install an APK of these apps and then obtain system permissions on your device.
“When the malicious application has been downloaded to the device, it attempts to install itself as an ‘Android service’, a system service that allows it to perform long-term operations in the background. TeaBot abuses this feature to hide itself, which allows it, once installed, to be undetectable and to ensure its persistence ” explain the researchers at Cleafy.
Once installed, the malware accesses the authentication codes to your bank sent by SMS, and gradually finds its way into your bank account. In total, this malware would have managed to attack more than 60 banks across Europe.
Choose the Play Store
To avoid being contaminated by Teabot, never install applications from a link received by SMS or email, and be extra vigilant on the web. Only favor the Play Store and, if your bank allows it, use a stronger means of security than two-factor authentication. The weak point of this weak point security is precisely raised by this malicious campaign, and it is gradually abandoned by certain banking organizations in favor of more secure methods. Caution remains however in order because this two-factor authentication remains widespread, and Teabot still lurks.