A new banking malware, called Teabot, is currently rampant in Europe.
Spotted by the cybersecurity researchers at Cleafy, the virus would for the moment be mainly present in Spain, Germany, Italy, Belgium and the Netherlands.
This malware is particularly dangerous, reports ZDNet, relayed by Phonandroid.
When they break into an Android smartphone, hackers can see what is happening on the screen of the device live, and interact with it.
A very discreet Trojan horse hidden in several apps
The virus can thus be used to steal private identification data. It makes it possible to retrieve single-use double authentication codes sent by banks to their customers by SMS. Hackers can then log into victims' bank accounts and perform transactions.
Teabot is hiding in a scam app.
It was initially called "TeaTV", before taking other names such as "VLC MediaPlayer", "Mobdro", "DHL", "UPS" or "bpost".
When downloaded, "it tries to install itself as an 'Android service', in other words a system service," the researchers explain.
“This feature is hijacked by Teabot to hide itself, which allows it, once installed, to prevent its detection and therefore ensure its persistence in the smartphone.
Restore the smartphone
Once installed, the malware requests permissions to observe the victim's actions, recover data and perform arbitrary actions.
The application that hides the virus is an empty shell.
Once the authorizations are received, it disappears, but the fraudulent actions obviously continue in the background.
The malware currently exists in Spanish, English, Italian, German, Dutch and even French.
If you have downloaded a suspicious application that may contain this virus, you will need to restore your phone to its original settings and a backup that predated the installation of the malware.
Cybersecurity: Vulnerability affects nearly 40% of Android phones worldwide
Telegram: This malware can steal cryptocurrencies by tampering with copy / paste