This money-stealing scam app is FORBIDDEN by the Google Play Store! did you download it? REMOVE

A money-stealing scam app was found to have been downloaded more than 10,000 times from the Google Play Store. If you still have this app, uninstall it now!

A particularly malicious trojan banking app for Android phones has just been unveiled. This money-stealing scam app targeted banking apps, online wallets, insurance apps, crypto wallets and more to steal data and passwords. Once recovered, it would share access with the hackers, who would steal the victim’s money. The scariest thing about this online scam is that the app was found in the Google Play Store and downloaded more than 10,000 times by innocent users. It’s called the ‘QR Code & Barcode – Scanner’ app and has since been banned from the Google Play Store. Read on to know how this Google Play Store banned app worked.

The incident came to light after a report by Cleafy, an online fraud management and prevention company, which emphasized that the trojan malware released by the TeaBot app surfaced in early 2021. The trojan was designed to steal “victim’s credentials and text messages”. The malware was very intelligent and was designed to hide in plain sight.

How this Google Play Store scam app stole money from users

The QR Code & Barcode – Scanner app itself is designed to provide some benefits to users and as a result became quite popular. And because it worked as advertised, it had generally positive reviews. But while the app looked real, it was really an online scam app. Once downloaded, it would immediately ask for permission to download a second app called QR Code Scanner: Add-On. This app contained multiple Teabot malware samples.

Once installed, the trojan would ask for permission to operate the smartphone’s screen. Once it had that, it would fish out sensitive information like login credentials, text messages, and two-factor authentication codes. It has also maliciously requested permission to allow Teabot to record keyboard input and thus access more sensitive data with ease.

“Since the dropper application distributed in the official Google Play Store only asks for a few permissions and the malicious app is downloaded at a later time, it can get confused among legitimate applications and is almost undetectable by common antivirus solutions the report said. said.

The app worked from the Google Play Store and has apparently evolved over the past two years. Previously, the trojan was distributed through SMS-based phishing campaigns where users would get fake updates for common apps and once the victim downloaded it, the trojan would be planted. This money stealing scam app has been removed by Google but you can still have it on your smartphone.

To find out if you have the app on your smartphone, go here clutch and confirm. If you do have it, make sure to delete it immediately. Also, never give app permissions that are not required in the future. Always take a moment to read the permissions it asks for, and if it is found suspicious, immediately uninstall the app and report it.

Arun Agarwal
I am Arun Agarwal, a passionate blogger and gamer. I love to share my thoughts on games and technology through blog posts. I’m also an avid reader of books about history, philosophy, science-fiction, and other genres as well as an anime fan. I like reading books that give me new perspectives or help me think differently about the world around us.