Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:16:51 UTC
Home > List all groups > List all tools > List all groups using tool TeaBot
 Tool: TeaBot
Names
TeaBot
Anatsa
Toddler
ReBot
Category Malware
Type Banking trojan, Backdoor, Info stealer, Keylogger, Credential stealer
Description
(Cleafy) TeaBot appears to have all the main features of nowadays Android bankers achieved
by abusing Accessibility Services such as:
• Ability to perform Overlay Attacks against multiple banks applications to steal login
credentials and credit card information
• Ability to send / intercept / hide SMS messages
• Enabling key logging functionalities
• Ability to steal Google Authentication codes
• Ability to obtain full remote control of an Android device (via Accessibility Services and
real-time screen-sharing)
Information https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20e120b6-d35c-43c8-af2a-25302b78b59a
Page 1 of 2

<https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google>
Malpedia <https://malpedia.caad.fkie.fraunhofer.de/details/apk.anatsa>
Last change to this tool card: 19 June 2024
Download this tool card in JSON format
All groups using tool TeaBot
Changed Name Country Observed
Unknown groups
  _[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20e120b6-d35c-43c8-af2a-25302b78b59a
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20e120b6-d35c-43c8-af2a-25302b78b59a
Page 2 of 2