TeaBot Trojan Haunts Google Play Store, Again

Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.

The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered.

The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps, including those from Russia, China, and the U.S.,” Cleafy’s report claims.

This isn’t the first time TeaBot has terrorized Android users.

TeaBot Just Won’t Die

TeaBot was first discovered last year. It’s a relatively straightforward piece of malware designed to siphon banking, contact, SMS and other types of private data from infected devices. What makes it unique – what gives it such staying power – is the clever means by which it spreads.

TeaBot requires no malicious email or text message, no fraudulent website or third-party service. Instead, it typically comes packaged in a dropper application. Droppers are programs that seem legitimate from the outside, but in fact act as vehicles to deliver a second-stage malicious payload.

TeaBot droppers have masked themselves as ordinary QR code or PDF readers. Hank Schless, senior manager of security solutions at

Read More: https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/