Threat Actors Blanket Androids with Flubot, Teabot Campaigns

Attackers are getting creative, using smishing and a malicious Google Play QR reader to plant banking trojans on victims' phones across the globe.

Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe.

Researchers from Bitdefender Labs said they have intercepted more than 100,000 malicious SMS messages trying to distribute Flubot malware since the beginning of December, according to a report published Wednesday.

During their observation of Flubot, the team also discovered a QR code-reader app that has been downloaded more than 100,000 times from the Google Play store and has delivered 17 different Teabot variants, they said.


Flubot and Teabot emerged on the scene last year as relatively straightforward banking trojans that steal banking, contact, SMS and other types of private data from infected devices. However, the operators behind them have unique methods for spreading the malware, making them particularly nasty and far-reaching.

Changing It Up

Flubot was first discovered in April targeting Android users in the United Kingdom and Europe using

Read More: https://threatpost.com/threat-actors-androids-flubot-teabot-campaigns/177991/