Hackernews state that the malware is in its early stage of development, with the first signs of activity emerging in January 2021. 

Once Teabot has been installed on a victim’s device, it disguises itself as well-known players within media services and package delivery, such as VLC Media Player and UPS, and makes the user grant it access to accessibility services. 

Once such access is granted, attackers can record keystrokes and record the screen of the victim’s device to steal sensitive user information from banking apps. 

Malware using this method is on the rise, and TeaBot is not the first malware that use accessibility services as an entrance to gain control of an infected device and steal sensitive data. Financial apps need to be aware of the threats and make sure they have the solutions to protect themselves against malware like TeaBot.  

Promon SHIELD™ protects against malware on the device trying to inject into your app and blocks it from stealing sensitive user data. Our App Shielding solution blocks malware from attacking your app by exploiting the Android accessibility services to perform attacks such as key-logging and recording of the victim’s screen.