Fake VLC and AdBlock apps spread dangerous banking malware

Android smartphones are currently the target of bogus apps like VLC and Kaspersky that spread Flubot and Teabot malware. Bitdefender, at the origin of the discovery, takes the opportunity to recall that most of the dangers that target the Android ecosystem come from programs installed outside the Google Play Store.

Credit: Unsplash

Bitdefender details in its latest report a campaign currently targeting Android smartphone users. Hackers are spreading two dangerous banking malware named Teabot and Flubot. Teabot has been known for some time. Bitdefender explains: “The malware can carry out overlay attacks through Android’s accessibility services, intercept messages, perform various keystroke logging activities on the user’s keyboard, steal Google authentication codes and even take full remote control of Android devices ”.

Teabot is primarily banking malware. The goal is to get you to enter your credentials via a page that looks like the site of your bank., and to capture any double factor authentication codes received by SMS to connect to your account and transfer money. The campaign is currently mainly targeting Spain, but we are seeing a strong increase in cases in France. To deploy the malware, the hackers employ a complex ploy. The virus is embedded in a fake application, hosted outside the Google Play Store.

Android security: malicious actors spread banking malware through fake apps

Bitdefender claims to have detected the malware in the following list of applications:

  • VLC MediaPlayer
  • Kaspersky Free Antivirus
  • Госуслуги: Возврат НДС
  • PlutoTV
  • BookReader
  • Uplift: Health and Wellness App

A fake Ad Blocker application containing the malware is also spread. In any case, these applications are not on the Google Play Store. Hackers make sure to convince their victim to install them by sending them a simple link to a resource hosted on third-party servers. To make matters worse, hackers are also very active around another piece of malware, Flubot. However, it seems that the original pirate group is different, due to a difference in modus operandi. Flubot spreads more directly, mainly via links transmitted by SMS.

In this case, hackers mainly hide their virus in “DHL Express Mobile” and “FedEx Mobile” parcel tracking applications. Here again, we are starting to see cases in France, and the intensity of the campaign should increase in the coming weeks.

Don’t fall for apps hosted outside of the Google Play Store

However, it is quite simple to protect yourself against these threats. As Bitdefender explains in its press release: “The best way to avoid being hit by either of these two threats is to never install applications outside the official platform. In addition, you should not click on links in text messages, but rather always pay attention to the permissions of Android applications ”. In other words: always go through the Play Store.

Google has done a lot of work to make the Google Play Store a safe place. There are still, very sporadically, a few misbehaving app discoveries, but overall everything on the Google Play Store is now relatively safe. The use of installations outside the Play Store is rarely justified, for example to install an application only available on Google Pixel smartphones or to install certain games such as Fortnite that refuse to be present on the Play Store because of the commission. 30% charged by Google.

Also read: Android malware – beware, these 23 Play Store apps can empty your bank account

Under no circumstances will an entity as recognized as DHL, FedEX, VLC or even Kaspersky antivirus make you install their application outside of the Play Store. If a link or a contact suggests it, you can be pretty sure that the app you install contains a malicious payload. This is why you should not fall into the trap and systematically go through the application store when you receive an apparently “official” SMS asking you to install an application by following a link. Do you ever install apps outside of the Play Store? Why ? Share your feedback in the comments of this article!

Leave a Comment