Bitdefender’s Mobile Threat researchers have warned about some newly discovered Flubot and Teabot campaigns. The researchers claim that since December 2021 they have intercepted over 100,000 malicious SMS messages which were aiming to distribute Flubot malware.
The researchers have said that they have observed that the attacks are more active in Germany, Spain, Poland, Australia, Italy and Austria, as well as newer countries in January such as Thailand, the Netherlands and Romania.
“We determined it was a TeaBot variant, and further investigation led to the finding of a dropper application in Google Play Store named the ‘QR Code Reader – Scanner App’, with over 100,000 downloads, that has been distributed 17 different TeaBot variants for a little over a month,” the researchers said in their detailed report.
The researchers also identified another trojan called Teabot, which is masquerading as ‘QR Code Reader – Scanner App’ on the Google Play Store. The Teabot trojan has been downloaded 100,000 times between December and January, delivering 17 different variants of the malware.
Hank Schless, Senior Manager of Security Solutions at Lookout said, “this incident is exemplary of the problems that the malware-as-a-service (MaaS) market creates for consumers and enterprises alike. This market has made malware and phishing kits incredibly accessible for even the least skilled threat actors. Usually, for a very small price, someone can go online and find one of these kits fully built and ready to be used. Once they acquire the kit, all the attacker needs to do is host it on a web domain then build a delivery mechanism. Most frequently, this mechanism is some form of message targeting mobile users because of the number of ways you can deliver a message to these devices via SMS, email, social media platforms, third party messaging apps, gaming and even dating apps.”