FluBot and TeaBot Malware Campaigns Attacks Androids

Since the beginning of December, researchers from the Bitdefender Mobile Threats team claim to have intercepted over 100,000 malicious SMS messages trying to spread Flubot malware.

The Romanian cybersecurity company outlined its findings in a report released on Wednesday. “Findings suggest attackers are modifying their subject lines and using older yet proven scams to entice users to click,” the report read. Additionally, the nations that attackers are focusing on in this campaign are changing quickly.

According to reports, the new surge of attacks began in newer nations like Romania, the Netherlands, and Thailand in the middle of January, with the majority of attacks reportedly occurring in Australia, Germany, Poland, Spain, Austria, and Italy.

The main method of distribution for FluBot (also known as Cabassous) campaigns is smishing, in which users are tricked into clicking a link that downloads malware after receiving an SMS message asking, “Is this you in this video?”

According to the researchers, “this new vector for banking trojans indicates that attackers are seeking to expand beyond the regular malicious SMS messages.”

Get Legit Cash App Money Transfer  Now

What you can achieve with our Cashapp transfer service is unlimited unless you don’t know how to do business or probably spend money.


  • Cashtag $name
  • Cashapp Email
  • Cashapp Account Holder’s Full Name (To help us send with description to the holder)
  • Let us know of any specific instructions you will want us to add to your transfer, but if there are none then we will handle it

TeaBot poses as a QR code scanner application.

Not just FluBot, either. Another Android trojan known as TeaBot (also known as Anatsa) has been seen skulking around on the Google Play Store as an app called “QR Code Reader – Scanner App,” attracting more than 100,000 downloads while disseminating 17 different variants of the malware between December 6, 2021, and January 17, 2022.

See More: Top 10 Mobile Banking Trojans

The app does provide the promised functionality, but it’s also built to download a malicious APK file that is stored on GitHub. However, it won’t do this until it has confirmed that the current registered operator’s country code does not begin with the letter “U.”

The installation of the rogue app then involves presenting a fake UI notifying the user that an add-on update is required and that the setting to allow installs from unknown sources needs to be enabled in order to apply the update.

BitDefender claimed to have discovered four additional dropper applications that have been distributing the TeaBot malware on the Play Store since at least April 2021: 2FA Authenticator, QR Scanner APK, QR Code Scan, and Smart Cleaner.

Versioning is another interesting tactic used by the operators. It involves uploading a benign version of an app to the app store in order to get around Google’s review process, only to replace the codebase over time with more malicious functionality through updates at a later time.

The malware authors are thought to have paid to appear in Google Ads placed within other legal applications and games in addition to getting around Play Store protections to infect a larger population, “giving them screen time in an app that could have millions of users.”

The investigation supports an earlier claim from the Dutch cybersecurity company ThreatFabric, which discovered six Anatsa droppers on the Play Store since June 2021. The apps were designed to download a “update” and then ask users for authorization to install apps from unidentified third-party sources and access the Accessibility Service.

In a similar development, Pradeo researchers discovered that the “2FA Authenticator” two-factor authentication app, which has been downloaded more than 10,000 times through the Google Play store, contains the banking trojan Vultr, which targets financial services to steal users’ banking information.

“The application called 2FA Authenticator is a dropper leveraged to spread malware on its users’ devices,” the researchers said. “It has been developed to look legitimate and provide a real service. To do so, its developers used the open-source code of the official Aegis authentication application to which they injected malicious code.”

According to Richard Melick, director of product strategy for endpoint security at Zimperium, “malicious actors approach malware like a product, with development and versioning, working hard to circumvent security technologies and acquire more victims.”

“When one version is disrupted, the bad actors return to creating the next one, particularly if the results were successful. Additionally, the mobile endpoint is a very profitable target for intruders “Melick threw in.

GriftHorse to Dark Herring

The news comes as Zimperium zLabs revealed information about yet another premium service abuse campaign similar to GriftHorse that used as many as 470 innocent-looking applications to trick users into subscribing to $15 per month in-app purchases.

Over 105 million users in over 70 countries are reportedly impacted by the billing fraud, also known as “fleeceware,” with the majority of victims being in Egypt, Finland, India, Pakistan, and Sweden.

The mammoth operation, which the mobile security company codenamed “Dark Herring,” has been backtraced to March 2020, making it one of the longest-running mobile SMS scams discovered to date.

The massive collection of malicious apps has since been removed from the Play Store, but they are still accessible on unofficial app stores, highlighting the risks associated with sideloading software onto mobile devices.

According to Zimperium researcher Aazim Yaswant, “in addition to over 470 Android apps, the distribution of the malware apps was exceptionally well-planned, spreading their apps across numerous, varied categories, widening the range of potential victims.” The fact that the apps themselves worked as promised contributed to the false feeling of security.

Click Here to Get Legit Cash App Money Transfer


Get $500 Cashapp Get $750 Cashapp | Get $1k Cashapp | Get $2k Cashapp Get $5k Cashapp  | Get $4k CAshapp 

cashapp flip legit store

Leave a Comment

Your email address will not be published. Required fields are marked *