New FluBot and TeaBot campaigns target Android devices worldwide

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,534
New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania.

The SMS topics used for spreading the FluBot malware include fake courier messages, "Is this you in this video?" coaxes, phony browser updates, and fake voicemail notifications.
The most recent FluBot campaign was tracked by researchers at Bitdefender Labs, who intercepted over 100,000 malicious SMS since December 2021, illustrating the threat actor's massive volume of distribution.

According to the report, the FluBot operators conduct attacks in short-term waves using different lures for each country.
Upon infecting one device, the malware uses the victim's contact list to distribute other SMS lures, achieving better infection rates due to recipients' trust in known contacts and continuous growth.


FluBot distribution has remained active throughout 2021, and the reports about high-volume 2022 activity prove that its operators aren't ready to call it a day yet.

TeaBot on the rise in the Google Play Store​

TeaBot is a different Android banking trojan discovered in January 2021 and has a global reach.
As reported by Bitdefender, TeaBot has made multiple appearances on the Play Store since December 2021.

According to the researchers, TeaBot is distributed to unsuspecting victims via trojanized apps on the Google Play Store, including:
  • QR Code Reader – Scanner App – 100,000 downloads
  • QR Scanner APK – 10,000 downloads
  • QR Code Scan – 10,000 downloads
  • Smart Cleaner – 1,000 downloads
  • Weather Cast – 10,000 downloads
  • Weather Daily – 10,000 downloads