A malicious banking Trojan app has just surfaced from an Android phone. This money theft scam is targeting banking apps, online wallets, insurance apps, crypto wallets and more to steal app data and passwords. As soon as the user resets the new password, the hackers steal the victim’s money by stealing the password. The scariest thing about this online scam is that the app was found on the Google Play Store and downloaded more than 10,000 times by innocent users. It is named ‘QR Code & Barcode – Scanner App’ and is now banned from Google Play Store.
The incident came after a report by Clifi, an online fraud management and prevention firm, highlighted that Trojan malware released by an app called Teabot surfaced in early 2021. The Trojan was designed to steal the “credentials and SMS” of the victim. Malware was designed very intelligently to hide.
How this scam app stole users’ money on Google Play Store
QR Code & Barcode – Scanner App was designed to provide certain benefits to the users and thus became quite popular. Since it worked as advertised, the reviews were positive. Though the app looked genuine, it was actually an online scam app. Once downloaded, it will immediately request permission to download another app called QR Code Scanner: Add-on. Several teabot malware was included in this app.