The malware disguises as fake versions of popular Android applications, including antivirus apps, audiobook players and the VLC open-source media player, and uses names and logos that are slightly different from the real ones, according to Bitdefender cybersecurity researchers.
The malicious apps are hosted on third-party websites, but are not distributed by the official Google Play Store. These apps use a fake ad blocker app to lure victims into downloading and installing the app, which often claims that a malicious app has damaged the smartphone. Clicking a link to solve the issue will then download TeaBot onto the Android device.
Bitdefender researchers advise users to “never install apps outside the official store. Also, never tap on links in messages and always be mindful of your Android apps’ permissions.”