Trojan

TeaBot

First seen: 2021-01 • Status: active

Currently Active Threat

TeaBot hides in innocent-looking apps on Google Play. Once installed, it steals your banking passwords and can even take over your phone.

Overview

TeaBot/Anatsa is an Android banking trojan that frequently appears in the Google Play Store disguised as legitimate apps. It targets banking apps in Europe and the US.

Also Known As

Anatsa, Toddler

How It Spreads

  • Google Play Store dropper apps
  • Fake apps
  • Malvertising

What It Does

  • Banking credential theft
  • Remote control
  • SMS interception
  • Keylogging

Is your business exposed?

Target Platforms

Android

Detection Tips

  • Review app permissions carefully
  • Watch for battery drain

MITRE ATT&CK Techniques

T1417, T1411, T1056

If You're Infected

  1. 1.

    Remove suspicious apps

  2. 2.

    Change banking credentials

Related Malware

Cerberus, Anubis

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices