A seemingly innocent Android app carries a dangerous payload. Criminals have managed to hide a banking Trojan on the Google Play Store for Android, possibly infecting thousands of devices in an attempt to steal identities and two-factor authentication codes.
A new report from security firm Cleafy found that the TeaBot banking Trojan, sometimes referred to as Anatsa or Toddler, was being distributed as a second-stage payload from a seemingly legitimate app. The team found it was being distributed as an update to a non-malicious, fully functioning app called QR board scanner. The app works as intended, scanning barcodes and QR codes by the book, and as such has received frequent positive reviews on the Play Store.
Source: Cnet
Delivering the payload
However, as soon as it is installed, it requests permission to download a second application called QR code scanner Add on, which, according to the publication, includes multiple TeaBot samples. The app had more than 10,000 downloads before being exposed for what it truly was and removed from the app store. “Since the dropper application distributed on the official Google Play Store requests only a few permissions and the malicious app is downloaded at a later time, it is able to get confused among legitimate applications and it is almost undetectable by general antivirus solutions,” Cleafy said. While Google did not comment on the findings, it did remove the app from the store.