Did You Install This Android Banking Trojan? Over 10,000 People Have

pcmag.com:

In yet another case of malicious software making it on to the Google Play store, Android users need to check they didn't unknowingly install a banking trojan.

As Ars Technica reports, security company Cleafy discovered that a trojan called TeaBot or Anatsa first spotted in May last year has returned. Unfortunately, it managed to remain undetected as it passed through Google's security checks and made its way on to the Google Play store hidden inside an app called QR Code & Barcode Scanner.

Google has now removed the app, but not before over 10,000 users downloaded it to their Android devices. Once installed, it immediately requests an update and installs a second app called QR Code Scanner: Add-On, which allows the trojan to go to work stealing your data. The update doesn't occur through Google Play, which explains why Google didn't detect the first app as being malicious.

This new version of TeaBot goes well beyond banks and now targets over 400 apps, including "home banking applications, insurances applications, crypto wallets and crypto exchanges." Once your device is infected, the malware uses streaming software to allow the screen to be viewed remotely and account takeovers performed.

If "QR Code & Barcode - Scanner" and "QR Code Scanner: Add-On" sound familiar, check your Android device to see if they are installed. If so, they need to be removed immediately and your banking/insurance/crypto accounts checked for malicious activity. It's also highly-recommended that you use a reputable Android antivirus app to help avoid such infections in future, especially when you consider they are making it on to the official Google app store.

Sign up for What's New Now to get our top stories delivered to your inbox every