KEY POINTS

  • Teabot infects Android devices by copying legitimate apps
  • Once installed, the fake apps allow attackers to access users' sensitive information
  • One of the counterfeit apps used by attackers is a fake Ad Blocker app

Android devices now face a serious risk as hackers use fake apps to spread Trojan malware that steals sensitive information from users, including banking and login details.

Bitdefender cybersecurity researchers alerted the public on June 1 about the new Trojan malware attack that puts Android devices at serious risk. The cybersecurity company shared the details about the attack it had discovered as well as some tips on how Android users can protect their devices from the threat.

Teabot, also known as Anatsa, is one of the newest Trojan families. Teabot lets cybercriminals steal users' sensitive information like banking details, login credentials, card numbers and passwords through fake applications, reported ZDNet.

Teabot launches its attack by creating fake versions of popular applications. The Trojan malware chooses to imitate apps that have been downloaded millions of times. However, the copycat version comes with a slightly different name or with a logo that's different from that of the legitimate app.

Once the unsuspecting victim downloads the counterfeit app, cybercriminals can now gain access to the sensitive information stored in the Android device, including private text messages, where one-time passwords are usually sent, as well as banking details.

Google Play Store does not distribute fake applications. The hugely popular marketplace has actually made it hard for cybercriminals to sneak malicious software into the app market.

This is why Teabot invades Android devices through third-party websites. Cybercriminals offer free services to persuade Android users to download applications from outside the Google Play Store.

Teabot was first spotted in December 2020. It was identified earlier this year and its campaign to spread fake apps continues to this day.

Additionally, Bitdefender learned of a strange distribution method that attackers use to spread the counterfeit apps. Apparently, they use a fake Ad Blocker app to distribute the Trojan malware, ZDNet noted.

Cybercriminals use the fake Ad Blocker app as a dropper that pops up to ask permission to display over other applications and install apps that aren't from Google Play Store.

Once installed, the application remains hidden. Later, it creates an alert saying that the phone has been damaged and that the user should click on a particular link to resolve the issue. What the user doesn't know is that the link actually downloads Teabot.

To protect their devices from the threat, Android users should refrain from downloading any software from unknown sources. Instead, they should get apps only from the Play Store. They should also be careful when granting app permissions and avoid clicking on links included in messages.
