Quote:Researchers have discovered an Android trojan that can steal victims’ SMS messages and credentials and completely take over devices. The trojan, dubbed TeaBot, is aimed at committing fraud against at least 60 banks in Europe.
Once installed on a victim’s device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name “Anatsa.”
Researchers from Cleafy’s Threat Intelligence and Incident Response (TIR) team detected TeaBot—which shares a number of features with other Android trojans–for the first time March 29 against banks in Italy, but the malware has since spread with “injections against Belgium and Netherlands banks,” according to the report.
However, once digging deeper into the sample they examined, researchers found evidence that TeaBot targeted banks in Spain as early as January and also targeted German banks in March, they said. In total, researchers have extracted scenarios against a predefined list of more than 60 banks.
At the moment, the trojan supports six different languages—Spanish, English, Italian, German, French and Dutch—and appears to be in its early stages of development because of some of the glitches observed in its process flow, researchers noted.
“The partial network encryption and the presence of some not-working injections and commands (or in some cases a lack of injections for specific targeted banks) suggest to us that the TeaBot is still under development,” they wrote.
Read more: TeaBot Trojan Targets Banks via Hijacked Android Handsets | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
