Data-Stealing Disguised as a Helpful App

Stay Updated August 1, 2022

author:

Data-Stealing Disguised as a Helpful App

What happened?

A QR Code Scanner app was being used to infect phones with a TeaBot banking trojan malware. A QR Code Scanner can be helpful, but after downloading, users were prompted to install an in-app update. This update actually installed the malware on the device. The malware was designed to not only steal user data, like passwords and texts but also screen capture and control the screen. By the time this was discovered, it had been downloaded over 10,000 times. The TeaBot banking trojan had been previously distributed to mobile devices through SMS-based phishing campaigns through shipping apps DHL and UPS. 

How does this impact you?

This QR code app looks legitimate and functions as expected. The only indicator that something fraudulent was happening was the app’s immediate in-app request to download an update: “QR Code Scanner: Add-On.” The app has since been removed from the Google Play store but may still have infected your Android device. The TeaBot trojan is targeting over 400 other applications to capture sensitive information, including banking, insurance, and crypto exchange services.

What to do next?

Have you installed a QR Code Scanner that you don’t need? Uninstall it. You might not need it. Most current models of phones have an automatic QR code reader built into the camera tool. Take an evening to inspect your app permissions. If anything seems suspicious, uninstall it.

When downloading any new app, scrutinize what permission and access requests are prompted. If it doesn’t make sense for the functionality of the app, uninstall and report it.
App store reviews can be faked. Do your research and ensure the app is coming from a reputable provider.

Sources:
https://techcrunch.com/2022/03/03/teabot-data-steal-google-play/

https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe

https://www.komando.com/security-privacy/qr-code-app-hiding-malware/828276/