TeaBot: a new Android malware emerged in Italy, targets banks in Europe

Full Technical Analysis - 10 May 2021

Key Points

  • At the beginning of January 2021, a new Android banking trojan was discovered and analyzed by our Threat Intelligence and Incident Response (TIR) team. We decided to dub this new family as TeaBot since it seems to not be related to any known banking trojan family
  • The main goal of TeaBot is stealing victim’s credentials and SMS messages for enabling frauds scenarios against a predefined list of banks (more than 60 targeted banks were extracted)
  • Once TeaBot is successfully installed in the victim’s device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services  
  • On 29th March 2021, we detected for the first time the inclusion of injections against Italian banks
  • Also, at the beginning of May 2021, we detected for the first time also the inclusion of injections against Belgium and Netherlands banks
  • At the time of writing, TeaBot appears to be at its early stages of development according to some irregularities found during our analysis
  • For the sake of completeness, after our investigation we noticed that the name ‘Anatsa’ is also used for tracking this malware family


Download resource
Download the document
Get the PDF version
by subscribing to Cleafy LABS Bulletin series
Want to talk to us?

Tell us your needs,
We’ll find a solution