Google Play app downloaded more than 10,000 times contained data-stealing RAT

by
Dan Goodin
from Ars Technica - All content on (#5WPMD)
google-play_CROPPED-800x405.jpeg

Enlarge (credit: Getty Images)

A malicious app downloaded from Google Play more than 10,000 times surreptitiously installed a remote access trojan that stole users' passwords, text messages, and other confidential data, a security firm reported.

The trojan, which goes under the names TeaBot and Anatsa, came to light last May. It used streaming software and abused Android's accessibility services in a way that allowed the malware creators to remotely view the screens of infected devices and interact with the operations the devices carried out. At the time, TeaBot was programmed to steal data from a predefined list of apps from about 60 banks around the world.

On Tuesday, security firm Cleafy reported that TeaBot was back. This time, the trojan spread through a malicious app called QR Code & Barcode Scanner, which as the name suggests, allowed users to interact with QR codes and barcodes. The app had more than 10,000 installations before Cleafy researchers notified Google of the fraudulent activity and Google removed it.

Read 7 remaining paragraphs | Comments

index?i=KX56hjhbWQg:c6fNz4b0vGk:V_sGLiPB index?i=KX56hjhbWQg:c6fNz4b0vGk:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments