A banking trojan that stole users’ passwords and data was recently discovered on Google Play by Cleafy, the online fraud management and prevention solution.
The company’s latest report found that the so-called TeaBot banking trojan (also known as Anatsa and Toddler) is targeting European banks to steal two-factor authentication codes sent via text.
The malware has further evolved to target users in the US, Hong Kong and Russia.
Previously, the trojan was delivered as a fake in-app update.
An app called QR Code & Barcode – Scanner scored over 10,000 downloads. While it looks like a legitimate app, it requests permission to download a second app called QR Code Scanner: Add-On, which then carries the bot.
Google removed the app from Play.