XCBG Virus

The TeaBot banking trojan was again found in the Google Play Store, where it posed as a QR code reader (QR Code & Barcode – Scanner) and managed to spread to more than 10,000 devices. The malware targets users of more than 400 banking and financial applications, including those from Russia and the United States.

According to a report from Cleafy, the infected applications act as droppers. That is, they reach the store without malicious code and request minimal permissions from the user, so it is difficult for reviewers and Google's automated checks to detect anything suspicious.

Moreover, the trojanized applications actually work and deliver the promised functionality, so their reviews are mostly positive.

TeaBot in the Google Play Store

For example, QR Code & Barcode – Scanner, which was discovered in February, looked like a regular utility for scanning QR codes. However, once installed, the app requested an update via a pop-up message, and instead of following the standard procedure set by the Play Store rules, the update was downloaded from an external source.

The experts traced the source of these downloads to two GitHub repositories owned by the user feleanicusor and containing several samples of the TeaBot malware, uploaded on February 17, 2022.

Attack scheme

Once this "update" is complete, TeaBot is downloaded to the victim's device as a new application, QR Code Scanner: Add-On. This application starts automatically and requests the right to use Accessibility Services in order to:

  1. view the device screen and take screenshots that show login credentials, two-factor authentication codes, SMS content, etc.;
  2. automatically grant the malware additional permissions in the background, without user intervention.
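
As an added example (not taken from Cleafy's report or from the original article), the following Python script triages decoded AndroidManifest.xml files for the two capabilities the scheme above relies on: installing an APK obtained outside the store, and registering an Accessibility Service. The package names and manifests are constructed, and treating `REQUEST_INSTALL_PACKAGES` as the dropper's install capability is an assumption, since the article does not list the exact permissions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def triage(manifest_xml):
    """Return sorted findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if INSTALL in perms:
        # The app may prompt the user to install an APK it fetched itself.
        findings.add("can-install-apks")
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # A real accessibility service needs both the bind permission and the action.
        if svc.get(ANDROID + "permission") == BIND_A11Y and A11Y_ACTION in actions:
            findings.add("accessibility-service")
    return sorted(findings)

# Constructed sample manifests (hypothetical packages, not real samples).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
DROPPER = f'''<manifest {NS} package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>'''
ADDON = f'''<manifest {NS} package="com.example.qrscanner.addon">
  <application>
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>'''
BENIGN = f'''<manifest {NS} package="com.example.plainscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>'''

if __name__ == "__main__":
    for name, xml in (("dropper", DROPPER), ("addon", ADDON), ("benign", BENIGN)):
        print(name, triage(xml))
```

Legitimate apps also use both capabilities, so a finding here is a prompt for manual review of a scanner-type utility, not a verdict.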

Interestingly, earlier versions of TeaBot, discovered in January 2021 and studied by Bitdefender, exited if they detected that the victim was in the United States. TeaBot now also attacks users in the United States and has added support for the Russian, Slovak and Chinese languages; that is, the malware attacks any user without exception.

In addition, compared to samples from early 2021, the malware is now more heavily obfuscated, and the number of its target applications has increased by 500% – from 60 to 400. These include banking and insurance applications, as well as cryptocurrency wallets and cryptocurrency exchange solutions.

Let me remind you that we also wrote that the AbstractEmu Android malware "roots" smartphones and evades detection.

Helga Smith