It happens again and again that malware is available for download in the Google Play Store despite all the security measures. In the current case, this is a “QR code & Barcode Scanner”, same as the “Cleafy” portal mentioned.
The app itself works normally and does what you expect. However, it also acts as a dropper for the well-known TeaBot malware. This means that after installation, the scanner will ask the user for permission to update. If you grant this, TeaBot will be installed on the smartphone.
Android malware in the Play Store: This is how you should react now
TeaBot is used to steal access data from banking apps or crypto wallets. To do this, the malware mimics the login mask of the corresponding applications. TeaBot can now simulate over 400 apps.
Meanwhile, “QR Code & Barcode – Scanner” has been removed from Play Store. Before that, it had been downloaded more than 10,000 times.
Since there are many harmless apps with almost identical name, it can be difficult to tell if you are infected. So, if in doubt, you should search for “QR Code Scanner: Add-On” in your apps list. TeaBot is hiding behind this name. If you have a Trojan installed, you should delete the application, check your bank accounts, and change your access data.
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”