Time and time again it happens that malicious software is available for download on the Google Play Store despite all security measures. In the current case, it is the “QR code and barcode scanner”, such as the “Cleafy” portal. reported.
The app itself works pretty normally and does what you’d expect. However, it also works as a dropper for the well-known TeaBot malware. This means that after installation, the scanner will ask the user for permission to update. If you grant this, TeaBot will be installed on the smartphone.
Android malware in the Play Store: this is how you should react now
TeaBot is used to steal login details from banking apps or crypto wallets. To do this, the malware simulates the login mask of the corresponding applications. TeaBot can now mimic over 400 apps.
Meanwhile, “QR Code & Barcode Scanner” has been removed from the Play Store. Before that, however, it was downloaded more than 10,000 times.
Since there are many harmless apps with almost identical name, it can be hard to know if you are affected. So, when in doubt, you should search for “QR Code Scanner – Plugin” in your list of apps. TeaBot hides behind this name. If you have the Trojan installed, you will need to remove the application, check your bank accounts and change your login details.
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.