6 Android apps that you should delete: they are plagiarism infected with a banking Trojan

Published by: MRT

Published on:

6 Android apps that you should delete: they are plagiarism infected with a banking Trojan

There are times when fake versions of well-known, successful applications with millions of downloads slip into the Google Play Store. And if for whatever reason we download this plagiarism, we can find ourselves suffering from data theft to mobile phone hijacking, advertising bombs, etc.

But, in this case that we are commenting on today, there must be a curious combination: Because if you have one of these infected apps and an official one from one of the affected banking entities, the demonic combo that the cybercriminal authors of this hack is looking for occurs.

TeaBot Trojan

It is known as ‘TeaBot’ or ‘Anatsa’, and we have already seen its working mechanisms before. The expert cybersecurity researchers at Bitdefender have discovered a batch of new malicious apps for Android posing as the real ones from popular brands, plus they are infected with TeaBot.

According to a first analysis report, malware can:

– Perform overlay attacks via Android accessibility services

– Intercept messages

– Perform various keylogging activities

– Steal Google authentication codes

– Take full remote control of Android devices.

6 plagiarism apps to delete

Bitdefender has identified up to 6 new malicious apps for Android including the Teabot banking Trojan and they pretend to be the real ones. Two of the apps are mentioned as banking malware on Twitter, and all are based on popular apps that reside on Google Play, some with more than 50 million downloads. It’s no wonder criminals try to take advantage of its popularity.

The fake apps “They don’t have any of the functionalities of the original version. They ask permission to show themselves on other applications, show notifications and install applications outside of Google Play, after which they hide the icon”. From time to time, fake apps they will show ads out of context and end up downloading and trying to install Teabot, according to CnC instructions.

For example, VLC MediaPlayer.apk actually tries to impersonate one of the most famous media players on the Google Play Store, called VLC. Check if you have one of these apps:

Uplift: Health and Wellness App



Rocycnyru: THIS Bosbpat

Kaspersky: Free Antivirus

VLC MediaPlayer

In the left column, the name of the fake app, on the right the real and safe app. As can be seen, in some cases the icons are the same

Bank apps that attack

The start of this campaign of rogue Android apps dates back to early December 2020, earlier than previously identified. But the most curious thing is how it works, because in itself TeaBot malware is designed not to just attack your phone, but to search for specific items.

In this case the Trojan, when it is already on the smartphone, seeks its primary objective: Banking applications, which it attacks to steal user data and money. At the moment there are 24 official apps detected by Bitdefender as targets of TeaBot. According to Bitdefender, TeaBot’s ability makes “your operators can adapt it at any time, add more banks or eliminate compatibility with some. The list is valid right now, but is likely to change in the future ”:

  • Bankia Wallet
  • BankinterMóvil
  • BBVA Spain | Online banking
  • BBVA Net Cash | ES & PT
  • Kutxabank
  • Santander
  • Bankia
  • CaixaBankNow
  • Liberbank Digital Banking
  • Open bench – bancamóvil
  • UnicajaMovil
  • BBVA Mexico (BancomerMóvil)
  • Banco Sabadell App. Your mobile bank
  • Commerzbank Banking – The app at your side
  • comdirect mobile App
  • SparkasseYour mobile branch
  • Deutsche Bank Mobile
  • Banco Sabadell App. Your mobile bank
  • VR Banking Classic
  • Cajasur
  • GroupCajamar
  • BW mobile banking with smartphones and tablets
  • Ibercaja
  • ING Spain. Mobile banking


Disclaimer: This article is generated from the feed and not edited by our team.