apk.anatsa

Anatsa

aka: ReBot, TeaBot, Toddler

There is no description at this point.

References
2024-02-21 | Cleafy | Francesco Iubatti
A stealthy threat uncovered: TeaBot on Google Play Store
Anatsa

2024-02-19 | ThreatFabric | ThreatFabric
Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach
Anatsa

2023-06-26 | ThreatFabric | ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa

2022-05-13 | K7 Security | Baran S
Teabot
Anatsa

2022-03-03 | GBHackers on Security | Gurubaran S
TeaBot Banking Trojan Posted as QR Code app in Google Play Store Targeting US Users
Anatsa

2022-03-01 | Cleafy | Cleafy
TeaBot is now spreading across the globe
Anatsa

2022-01-27 | The Hacker News | Ravie Lakshmanan
Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices
Anatsa FluBot

2022-01-26 | Bitdefender | Bitdefender
New FluBot and TeaBot Global Malware Campaigns Discovered
Anatsa FluBot

2021-11-01 | ThreatFabric | ThreatFabric
Deceive the Heavens to Cross the sea
Alien Anatsa Hydra

2021-09-14 | Telekom | Thomas Barabosch
Flubot’s Smishing Campaigns under the Microscope
Anatsa FluBot

2021-07-17 | Twitter (@_icebre4ker_) | _icebre4ker_
Tweet: new version of Teabot targeting also Portugal banks
Anatsa

2021-07-16 | PRODAFT Threat Intelligence | PRODAFT
Toddler - Mobile Banking Botnet Analysis Report
Anatsa

2021-06-17 | K7 Security | Baran S
Teabot : Android Banking Trojan Targets Banks in Europe
Anatsa

2021-06-01 | Bitdefender | Alin Mihai Barbatei, Oana Asoltanei, Silviu Stahie
Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
Anatsa FluBot

2021-05-19 | Twitter (@ThreatFabric) | ThreatFabric
Tweet on Anatsa android banking trojan targeting 7 more italian banks
Anatsa

2021-05-11 | nviso | Jeroen Beckers
Android overlay attacks on Belgian financial applications
Anatsa

2021-05-10 | Cleafy | Cleafy
TeaBot: a new Android malware emerged in Italy, targets banks in Europe
Anatsa

2021-05-05 | ThreatFabric | ThreatFabric
Smishing campaign in NL spreading Cabassous and Anatsa
Anatsa

2021-03-15 | Buguroo | Buguroo
Toddler: Credential theft through overlays and accessibility event logging
Anatsa

Yara Rules
[TLP:WHITE] apk_anatsa_w0 (20210914 | matches on dumped, decrypted V/DEX files of Teabot)
rule apk_anatsa_w0 {
    meta:
        author = "Thomas Barabosch, Telekom Security"
        version = "20210819"
        description = "matches on dumped, decrypted V/DEX files of Teabot"
        sample = "37be18494cd03ea70a1fdd6270cef6e3"
        source = "https://github.com/telekom-security/malware_analysis/tree/main/flubot"

        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/apk.anatsa"
        malpedia_version = "20210914"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $dex = "dex"
        $vdex = "vdex"
        $s1 = "ERR 404: Unsupported device"
        $s2 = "Opening inject"
        $s3 = "Prevented samsung power off"
        $s4 = "com.huawei.appmarket"
        $s5 = "kill_bot"
        $s6 = "kloger:"
        $s7 = "logged_sms"
        $s8 = "xiaomi_autostart"

    condition:
        ($dex at 0 or $vdex at 0)
        and 6 of ($s*)
}