Published On: Thu, Apr 30th, 2020

Meet EventBot, a new Android malware that steals banking passwords and two-factor codes

Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets.

The malware, which researchers at security firm Cybereason recently discovered and named EventBot, masquerades as a legitimate Android app — like Adobe Flash or Microsoft Word for Android — that abuses Android’s in-built accessibility features to obtain deep access to the device’s operating system.

Once installed — either by an unsuspecting user or by a malicious person with access to a victim’s phone — the EventBot-infected fake app quietly siphons off passwords for more than 200 banking and cryptocurrency apps — including PayPal, Coinbase, CapitalOne and HSBC — and intercepts two-factor authentication text message codes.

With a victim’s password and two-factor code, the hackers can break into bank accounts, apps and wallets, and steal a victim’s funds.

“The developer behind Eventbot has invested a lot of time and resources into creating the code, and the level of sophistication and capabilities is unequivocally high,” Assaf Dahan, head of threat research at Cybereason, told TechCrunch.

The malware quietly records every tap and key press, and can read notifications from other installed apps, giving the hackers a window into what’s happening on a victim’s device.

Over time, the malware siphons off banking and cryptocurrency app passwords back to the hackers’ server.

The researchers said that EventBot remains a work in progress. Over a period of several weeks since its discovery in March, the researchers saw the malware iteratively update every few days to include new malicious features. At one point the malware’s creators improved the encryption scheme it uses to communicate with the hackers’ server, and included a new feature that can grab a user’s device lock code, likely to allow the malware to grant itself higher privileges to the victim’s device like payments and system settings.

But while the researchers are stumped as to who is behind the campaign, their research suggests the malware is brand new.

“Thus far, we haven’t observed clear cases of copy-paste or code reuse from other malware and it seems to have been created from scratch,” said Dahan.

Android malware is not new, but it’s on the rise. Hackers and malware operators have increasingly targeted mobile users because many device owners have their banking apps, social media, and other sensitive services on their device. Google has improved Android security in recent years by screening apps in its app store and proactively blocking third-party apps to cut down on malware — with mixed results. Many malicious apps have evaded Google’s detection.

Cybereason said it has not yet seen EventBot on Android’s app store or in active use in malware campaigns, limiting the exposure to potential victims — for now.

But the researchers said users should avoid untrusted apps from third-party sites and stores, many of which don’t screen their apps for malware.
