TeaBot
Description
(Cleafy) TeaBot appears to have all the main features of nowadays Android bankers achieved by abusing Accessibility Services such as:
- Ability to perform Overlay Attacks against multiple banks applications to steal login credentials and credit card information
- Ability to send / intercept / hide SMS messages
- Enabling key logging functionalities
- Ability to steal Google Authentication codes
- Ability to obtain full remote control of an Android device (via Accessibility Services and real-time screen-sharing)
Names
Name |
---|
TeaBot |
Anatsa |
Toddler |
ReBot |
Category
Malware
Type
- Banking trojan
- Backdoor
- Info stealer
- Keylogger
- Credential stealer
Information
- https://www.cleafy.com/documents/teabot
- https://labs.k7computing.com/?p=22407
- https://www.threatfabric.com/blogs/smishing-campaign-in-nl-spreading-cabassous-and-anatsa.html
- https://labs.bitdefender.com/2021/06/threat-actors-use-mockups-of-popular-apps-to-spread-teabot-and-flubot-malware-on-android/
- https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368
- https://blog.nviso.eu/2021/05/11/android-overlay-attacks-on-belgian-financial-applications/
- https://www.buguroo.com/hubfs/website/pdf/reports/buguroo-malware-report-Toddler_EN.pdf
- https://www.bitdefender.com/blog/labs/new-flubot-and-teabot-global-malware-campaigns-discovered
- https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
- https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
- https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
Malpedia
Other Information
Uuid
20e120b6-d35c-43c8-af2a-25302b78b59a
Last Card Change
2024-06-19