Legit QR Reader App Gets Malicious Update From TeaBot Banking Trojan

Published: April 21, 2022 in our Security Fraud News & Alerts Newsletter.



It seems QR squares and barcodes are everywhere. They are chock-full of information available with a quick scan. As a result, countless QR code reader apps are a hot item for download by smartphone users on the Google Play Store, so it’s just a matter of choosing the one you like best. But one app in particular, “QR Code & Barcode – Scanner,” does all of that and, unfortunately, much more, with the help of a relatively new but already notorious banking trojan called TeaBot.


The QR Code & Barcode – Scanner app on Google Play has no malware hiding in it and nothing for app scanners to find. The app runs as expected and has over 10,000 downloads. However, it is set up to install TeaBot after the initial download.



TeaBot Infusion


This QR app gets its malware infection from TeaBot in an unconventional way. Once the user downloads the app, they’re told, via an infected link holding malicious code, that an update is available. But rather than coming from Google’s servers, it’s a bogus update that installs TeaBot from an external GitHub folder hosting the malware.


With the fake update installed, a new app shows up on the mobile device as “QR Scanner: Add-On.” TeaBot starts its installation by asking for permission to use Accessibility Services, among others, to get the privileges it needs. Once installed, TeaBot performs actions without authentication from the user. That’s when TeaBot goes to work siphoning all financially related user data and draining the funds from their accounts.



Smart Downloading


As malicious apps get better at concealing their malware from the official app stores, users need to download smarter than ever before. There are suggestions everyone can use to download apps smarter and safer. First, download apps only from the official app stores for your devices. Both Google and Apple stores scan all apps for malware. Although not perfect, they catch more malicious apps than any other sources. Sideloading apps from unofficial app sites opens a potential world of hurt since they are not scanned for malware as often or perhaps as thoroughly. Before choosing an app for download, do a thorough background check. Always read user reviews showing the good and bad sides of an app.


Also, some newer phones already have a QR scanner built into their camera, so there’s no need for a third-party scanner to begin with. Following the above advice helps keep your device malware-free because being better informed leads to smarter app choices.

