A malicious app downloaded from Google Play more than 10,000 times surreptitiously installed a remote access trojan that stole users’ passwords, text messages, and other confidential data, a security firm reported.
The trojan, which goes under the names TeaBot and Anatsa, came to light last May. It used streaming software and abused Android’s accessibility services in a way that allowed the malware creators to remotely view the screens of infected devices and interact with the operations the devices carried out. At the time, TeaBot was programmed to steal data from a predefined list of apps from about 60 banks around the world.
On Tuesday, security firm Cleafy reported that TeaBot was back. This time, the trojan spread through a malicious app called QR Code & Barcode Scanner, which, as the name suggested, allowed users to interact with QR codes and barcodes. The app had more than 10,000 installations before Cleafy researchers notified Google of the fraudulent activity and Google removed it.