New EventBot Banking Malware Takes Over Hacking Scene

A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.

Called “EventBot” by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Cash App, PayPal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase. The malware is one of the top 10 mobile banking trojans at present.


“EventBot is particularly interesting because it is in such early stages,” the researchers said. “This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”

The campaign, first identified in March 2020, masks its malicious intent by posing as legitimate applications (e.g., Adobe Flash, Microsoft Word) on rogue APK stores and other shady websites. Once installed, these apps request extensive permissions on the device.

The permissions include access to accessibility settings, the ability to read from external storage, send and receive SMS messages, run in the background, and launch itself after system boot.
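A defender can triage a sideloaded APK for this permission combination before it ever runs. The Python sketch below is an added example, not code from Cybereason or from the malware; it assumes the manifest has already been decoded to text XML, and the mapping from the article's capability list to Android permission names, the package names, and the sample manifests are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability (as listed in the article) -> Android permission names.
# This mapping is an assumption of the example, not data from the article.
CAPABILITIES = {
    "accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "external_storage": {P + "READ_EXTERNAL_STORAGE"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "background": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", P + "FOREGROUND_SERVICE"},
    "boot_start": {P + "RECEIVE_BOOT_COMPLETED"},
}

def manifest_permissions(manifest_xml):
    """Return permissions requested by the app or guarding its services."""
    root = ET.fromstring(manifest_xml)
    perms = {n.get(ANDROID + "name") for n in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE;
    # it does not appear as a <uses-permission> entry.
    perms |= {n.get(ANDROID + "permission") for n in root.iter("service")}
    perms.discard(None)
    return perms

def triage(manifest_xml):
    """List matched capabilities; flag accessibility combined with SMS access."""
    perms = manifest_permissions(manifest_xml)
    hits = sorted(c for c, names in CAPABILITIES.items() if perms & names)
    return {"capabilities": hits, "flag": {"accessibility", "sms"} <= set(hits)}

def _manifest(package, uses, service_permission=None):
    """Build a constructed sample manifest (not taken from any real app)."""
    ns = 'xmlns:android="http://schemas.android.com/apk/res/android"'
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, u) for u in uses)
    if service_permission:
        body += ('<application><service android:name=".Svc" '
                 'android:permission="%s%s"/></application>' % (P, service_permission))
    return '<manifest %s package="%s">%s</manifest>' % (ns, package, body)

# Constructed samples: a sideloaded "document viewer" and a plain notes app.
SUSPECT = _manifest("com.example.docviewer",
                    ["READ_SMS", "RECEIVE_SMS", "RECEIVE_BOOT_COMPLETED",
                     "READ_EXTERNAL_STORAGE", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
                    "BIND_ACCESSIBILITY_SERVICE")
BENIGN = _manifest("com.example.notes", ["READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(xml))
```

A flag here is a reason to look closer, not a verdict: legitimate accessibility tools and SMS apps request some of these permissions too, so the useful signal is the combination in an app whose stated purpose needs none of them.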


If a user grants access, EventBot operates as a keylogger and can “retrieve notifications about other installed applications and content of open windows,” in addition to exploiting Android’s accessibility services to grab the lockscreen PIN and transmit all the collected data in an encrypted format to an attacker-controlled server.

The ability to parse SMS messages also makes the banking trojan a useful tool to bypass SMS-based two-factor authentication, thereby giving the adversaries easy access to a victim’s cryptocurrency wallets and letting them steal funds from bank accounts.

This is not the first time mobile malware has targeted financial services. Last month, IBM X-Force researchers detailed a new TrickBot campaign, called TrickMo, that was found exclusively targeting German users with malware that misused accessibility features to intercept one-time passwords (OTP), mobile TAN (mTAN), and pushTAN authentication codes.

“Giving an attacker access to a mobile device can have severe business consequences, especially if the end-user is using their mobile device to discuss sensitive business topics or access enterprise financial information,” Cybereason researchers concluded. “This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”

EventBot’s family of malicious apps may not be active on the Google Play Store, but it’s yet another reminder of why users should stick to official app stores and avoid sideloading apps from untrusted sources. Keeping the software up-to-date and turning on Google Play Protect can also go a long way towards protecting devices from malware.

How Does EventBot Gain Access to a Device?

According to research, EventBot is distributed by posing as one of several legitimate applications. Examples include Adobe Flash Player, Microsoft Word, and other applications. When users download and install the malicious app, which appears to be official, their devices are infected.

These fake apps are typically advertised on forums, unofficial websites, and other questionable download sites.

Best Way to Avoid the EventBot Banking Malware

CERT-In has suggested a few preventative measures for Android phone users to protect themselves from infection. These steps include not installing software from links sent via email or text message or from unreliable websites.

Before downloading an app from the Play Store, users should also look at its details, number of downloads, and user reviews. Installing an up-to-date antivirus program and keeping their phone up-to-date with the most recent Android updates and patches are additional security measures. Additionally, users should avoid using unsecured or unknown Wi-Fi networks and tap on URLs with caution.
