A new Android trojan has been identified by security researchers, who said on Monday that once it is successfully installed in the victim’s device, those behind it can obtain a live stream of the device screen and also interact with it via its Accessibility Services.
The malware, dubbed “Teabot” by security researchers with Cleafy, has been used to hijack users’ credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
Cleafy’s Threat Intelligence and Incident Response team first discovered the banking trojan in January and found that it enabled fraud against more than 60 banks across Europe. By March 29, Cleafy analysts found the trojan being used against Italian banks and by May, banks in Belgium and Netherlands were also dealing with it.
Research shows that Teabot is still under development but initially only focused on Spanish banks before moving on to banks in Germany and Italy. The malware now is currently supporting 6 different languages, including Spanish, English, Italian, German, French, and Dutch.