Attackers have been using smishing (SMS phishing) and a malicious QR code-reader app on Google Play to infect victims' phones with banking trojans. Researchers have detailed a variety of active campaigns delivering the Flubot and Teabot trojans via different methods. In one case, malicious SMS messages containing a link that downloads the Flubot malware were delivered to over 100,000 targets' inboxes. This campaign has been active since December, according to a report published by Bitdefender Labs earlier this week.
During their investigation, Bitdefender also discovered a QR code-reader app that has been downloaded more than 100,000 times from the Google Play store. The malicious app has delivered 17 different Teabot variants, according to the researchers. Flubot and Teabot are relatively new banking trojans, having appeared just last year. They work similarly to other banking trojans, seeking banking, contact, SMS, and other types of private data from infected devices.