They detect a new banking Trojan in an application to watch television online

Must Read

Brian Adam
Professional Blogger, V logger, traveler and explorer of new horizons.
- Advertisement -
- Advertisement -
- Advertisement -
- Advertisement -

They detect a new banking Trojan in an application to watch television online

From Hispasec they have echoed the detection of a new banking malware on Android, belonging to what appears to be a previously unidentified family, after being analyzed in VirusTotal, Koodous and by Hispasec’s own team.

The malware comes in an APK file called TeaTV. TeaTV is a service to watch series and television online without a license, and in this case, the application is false, since it is not the official one of the service. The file was capable of install an accessibility service on the phone to monitor all phone activity, in order to detect the opening of banking applications.

If you have installed an app called TeaTV.apk, it should be deleted immediately

Image 1

According to Hispasec, the new malware appears to be from a new family. It is a banking Trojan, although it follows the usual strategy of this type of malware when trying to steal data. This malware take advantage of Android accessibility permissions, which requests nothing else to install. After giving accessibility permissions, the malware is able to detect button presses, changes in text fields and others on our phone. What do they get out of this?

As soon as the malware detects that we open a banking app, it shows us a phishing panel that tries to steal our data

As soon as we interact with any element of the interface of our device, the malware receives information associated with it: in other words, you can know when we have opened a banking application.

If it detects that we have opened it, automatically open a web view with a phishing form, to get hold of our login credentials. In addition to injecting phishing, the malware sends information about the accessibility events it collects, to keep track of phone activity.

The application, as we indicated, is a fake APK, that is, it does not really belong to TeaTV. If we go to the service page, we see that the APK we downloaded is called teatv _ release _ 310.apk, that is, the file name and version. The infected APK is teatv.apk, a copy of the original app, but with malware.

- Advertisement -
Follow us on Google News

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.