06 May 2020
We use several authentication options to keep our sensitive information safe from potential threats. Several levels of security are available to us, including system-level protection built into our smartphones and third-party apps that keep our data locked away from intruders. But from time to time, new threats arrive that try to steal our information and take advantage of it. One such piece of malware has now been found: it affects Android smartphones and specifically targets banking applications, bypassing even the extra layers of protection.
This Android malware is called EventBot, and it was found by the security research team at Cybereason. The team discovered that the trojan disguises itself as a legitimate Android app and abuses Android’s accessibility features to misuse your data. The team found that EventBot uses several icons to masquerade as a genuine application. It is not currently available on the Play Store, but it impersonates apps such as Microsoft Word and Adobe Flash by using their icons.
According to the report from Cybereason, EventBot specifically targets sensitive information such as banking passwords and data from financial applications. The malware can also bypass two-factor authentication (2FA), a security process that adds an extra layer of protection to your online accounts. EventBot can read and steal SMS messages, which lets it defeat SMS-based 2FA and gain deeper access to your accounts.
Once installed, EventBot prompts the user to grant it access to accessibility services. Once that permission is granted, it can act as a keylogger and retrieve notifications about other installed applications.
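A defender can triage a device inventory for the combination described above (a sideloaded app with an enabled accessibility service, SMS access, and a borrowed app label). The following is an added example, not code from Cybereason or from this article; the inventory records, the `com.example.*` package names and the vendor-prefix map are constructed assumptions, and the accessibility string follows the colon-separated `package/ServiceClass` format returned by `settings get secure enabled_accessibility_services`.

```python
# Added triage example (not from Cybereason or the article). All inventory
# records and com.example.* package names below are constructed sample data.
PLAY_STORE = "com.android.vending"          # installer package of Google Play
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Labels the article says EventBot impersonates, mapped to the vendor package
# prefix a genuine copy would carry (the prefixes are this example's assumption).
IMPERSONATED = {"microsoft word": "com.microsoft.", "adobe flash": "com.adobe."}


def enabled_a11y_packages(setting_value):
    """Parse `settings get secure enabled_accessibility_services` output:
    colon-separated 'package/ServiceClass' component names, or 'null'."""
    value = (setting_value or "").strip()
    if not value or value == "null":
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}


def triage(apps, a11y_setting):
    """Return {package: [reasons]} for apps matching the reported behaviour."""
    a11y = enabled_a11y_packages(a11y_setting)
    findings = {}
    for app in apps:
        pkg, reasons = app["package"], []
        sideloaded = app.get("installer") != PLAY_STORE
        reads_sms = bool(SMS_PERMS & set(app.get("permissions", [])))
        if pkg in a11y and sideloaded:
            reasons.append("sideloaded app with accessibility service enabled")
        if pkg in a11y and reads_sms:
            reasons.append("accessibility plus SMS access (2FA codes exposed)")
        prefix = IMPERSONATED.get(app.get("label", "").lower())
        if prefix and not pkg.startswith(prefix):
            reasons.append("label imitates a known app, package does not match")
        if reasons:
            findings[pkg] = reasons
    return findings


SAMPLE_A11Y = "com.example.updater/.Svc:com.example.screenreader/.ReaderService"
SAMPLE_APPS = [
    {"package": "com.example.updater", "label": "Adobe Flash", "installer": None,
     "permissions": ["android.permission.READ_SMS", "android.permission.INTERNET"]},
    {"package": "com.example.screenreader", "label": "Screen Reader",
     "installer": PLAY_STORE, "permissions": []},
    {"package": "com.microsoft.office.word", "label": "Microsoft Word",
     "installer": PLAY_STORE, "permissions": []},
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_APPS, SAMPLE_A11Y).items():
        print(pkg, "->", "; ".join(reasons))
```

Only the constructed `com.example.updater` record is flagged; the Play Store screen reader and the genuine Word package pass, which shows why the signals are combined rather than used alone.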
According to Cybereason’s key findings, EventBot targets users of over 200 different financial applications, including money transfer services and cryptocurrency wallets. Some of the targeted applications are PayPal Business, HSBC UK, Coinbase, TransferWise, and many more. The targeted applications are used across the US and Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.
The team says that EventBot is a “brand new” malware, which is why it is of interest to them. According to the researchers, the malware is currently in its early stages and has real potential to become the next big mobile malware. The team found that the malware is constantly improving, and it has encountered several different versions. The malware has evolved rapidly over time, with each version expanding its capabilities further. On more recent versions of Android, EventBot even asks for permission to run in the background before deleting itself from the launcher.
The makers of the malware are unknown, and it may take some time to locate them and eradicate them completely. Meanwhile, researchers advise users not to download untrusted apps from third-party sites and stores.