“TeaBot” hijacks users’ credentials and SMS messages to facilitate fraudulent activities against banks. The rogue Android application masquerades as media and package delivery services like TeaTV, VLC Media Player, DHL, UPS, and UPS. TeaBot is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgium and Netherlands banks. Other capabilities include disabling Google Play Protect, intercepting SMS messages, and accessing Google Authenticator 2FA codes.
Source: https://thehackernews.com/2021/05/experts-warn-of-new-android-banking.html