New Teabot and Flubot Malware attack campaigns have been noted across a range of countries, including Australia, Germany, Poland, Spain, and Romania. The campaigns use SMS-phishing and malware-loaded apps to infect devices.
Flubot Malware uses a number of lures in its SMS campaign, including fake courier messages, “Is this you in this video?” coaxes, phony browser updates, and fake voicemail notifications.
BitDefender have been tracking the latest Flubot Malware campaign, and have intercepted 100,000 malicious SMS since last month.
According to BitDefenders report, the Flubot Malware operators conduct attacks in short-term waves using different lures for each country.
Once a device is infected with Flubot malware, the contact list is hijacked to send out additional SMS lures, increasing infection rate exponentially as it continues.
Flubot Malware was active throughout 2021, and given the operators activity in the last few weeks, they seem keen to continue their work.
Teabot, a peer of Flubot Malware, was spotted initially in January 2021. According to the Bitdefender report, Teabot has been seen to hide in apps in the Google Play Store since December 2021.
According to the researchers, TeaBot is distributed to unsuspecting victims via trojanized apps on the Google Play Store, including:
- QR Code Reader – Scanner App – 100,000 downloads
- QR Scanner APK – 10,000 downloads
- QR Code Scan – 10,000 downloads
- Smart Cleaner – 1,000 downloads
- Weather Cast – 10,000 downloads
- Weather Daily – 10,000 downloads
None of these applications featured malicious functionality, and all offered the promised features, which allowed them to pass the Google Play Store’s review process and reach a wider infection pool.
Moreover, the actors actively promoted these apps by paying to appear in Google Ads served within other applications and games.
However, once installed and executed on the victim’s device, the apps started a background service that checked the country code and stopped if the result was Ukraine, Uzbekistan, Uruguay, or the United States.
The app retrieved its configuration for all other victims and fetched an APK from a GitHub repository, which contained a TeaBot variant. At the same time, the apps prompted the user to allow third-party sources to install packages.
Between December 6, 2021, and January 17, 2022, Bitdefender analysts have counted 17 different versions of TeaBot infecting devices through the listed apps.
The TeaBot campaign illustrates that even when installing software from the Google Play Store, it does not mean that you will always be safe.
Therefore, it is advisable to remain vigilant with new installations, check user reviews, monitor the app’s network and battery usage, and only grant non-risky permissions.
Overall, the malware families in this sample have received 5,974 transfers from victims in 2021, up from 5,449 in 2020.
Which malware families were most active?
Protection Against Teabot and Flubot Malware
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.