Beware of TeaBot Banking Trojan when downloading Android apps, says HKCERT

    The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council (HKPC) recently observed that the TeaBot banking trojan, first discovered at the beginning of 2021 and initially targeting banks from Europe through “smishing” campaigns, has expanded its scope of attack to commonly used banking mobile apps in Hong Kong.

    The latest version of TeaBot is hidden in productivity tools and game apps which are published on the official Google Play Store. Once installed, it will overlay the login page on top of the legitimate banking or financial apps to steal account credentials and SMS one-time passwords, and even abuse the Android Accessibility Service to conduct malicious operations to incur financial losses.

    Photo for illustrative purposes only. | Photo by Anete Lusina/Pexels

    Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!

    TeaBot usually pops up a message when the user opens the App and asks the user to perform a software update immediately. Once the user executes this fake “update”, TeaBot will be loaded as a new App and then will ask for the required permissions in order to run stealthily in the background.

    In this regard, HKCERT recommend Android device users to:

    1. Avoid installing apps that are not necessary;
    2. Download Apps through official channels;
    3. Pay attention to the permissions required by the App when installing, and do not accept unnecessary or excessive permission;
    4. Keep the mobile system up to date and install the antivirus software; and
    5. Pay attention to any abnormal surge in power consumption and network traffic of the mobile phone after the installation of the apps, because usually malicious apps will continue to execute and transfer the stolen data in the background.

    For more information about mobile antivirus software, please refer: https://www.hkcert.org/resources/security-tools#mobilesecuritytools

    For information security related incidents, for example, ransomware, phishing, denial of service attack, etc., please report to HKCERT through its online Incident Report Form at https://www.hkcert.org/incident-reporting. For other information security-related questions, please contact HKCERT by email at hkcert@hkcert.org or call its 24-hour hotline: 8105 6060.

    Source: HKPC (Press Release)