the SMS virus and another hidden in apps

the SMS virus and another hidden in apps

They detect new campaigns distributing FluBot and TeaBot malware via messages or app lures to Android users in Australia, Germany, Poland, Romania and Spain.

Being permanently connected to the Internet exposes us to malware and viruses of all kinds that circulate through the network. Now two dangerous viruses targeting the Android operating system are back on the attack.

FluBot moves on SMS

FluBot malware spreads via fake and deceptive SMS such as “Are you in this video?”, browser updates, and voice message notifications for malicious purposes.

The most recent campaign of this malware was tracked by Bitdefender Labs researchers and intercepted more than 100,000 malicious SMS since December 2021 reflecting a massive distribution volume of this threat actor on Android.

When FluBot infects a device, it uses the victim’s contact list to continue sending false SMS, achieving higher rates of cheating under this method, since the recipients trust each other because it is an SMS they receive from a known contact. There has been a high rate of FluBot activity in 2021 and in 2022 it seems that the trend will continue at the same pace.

TeaBot manages to infiltrate the Play Store

On the other hand, TeaBot is a android banking trojan discovered a year ago and has a global reach. According to Bitdefender, this virus has been present in the Play Store in December 2021. The type of applications in which TeaBot is distributed are the following:

  • QR Code Reader – Scanner App – 100,000 Downloads
  • QR Scanner APK – 10,000 downloads
  • QR code scanning: 10,000 downloads
  • Smart cleaner: 1,000 downloads
  • Weather Cast – 10,000 downloads
  • Weather Daily – 10,000 downloads
Read:  Apple presents iOS 15.1: all the news

None of the mentioned apps had a malicious function, therefore, was not detected by the Google Play Store app review process thus reaching high rates of infection among users who downloaded them.

Once the apps were installed and launched on the victims’ device, a background service was started that checked the country code and stopped if the result was Ukraine, Uzbekistan, Uruguay or the United States. Between December 6, 2021 and January 17, 2022, Bitdefender analysts counted 17 different versions of TeaBot that infected devices through the applications mentioned above.

In conclusion, it is highly recommended to pay attention to new installations, review user reviews about the app we want to install, and only grant permissions when strictly necessary.