In this post, I will write about the new Smartphone Malware that Targets Banking Apps know as eventBot.
Securing our devices has always been a point of concern. People secure their smartphones, computers for different reasons. Either from friends, spouse or invaders, But people mostly don’t pay attention to the necessary information and terms of use when installing new applications or software. From these applications, invaders/hackers try to steal our information so as to take advantage of it. One of such malware has now been found which affects Android smartphones and targets banking applications specifically by bypassing even the extra layers of protection.
Also read: 10 Signs of a Malware Infection on your Computer
The name of this Android smartphone malware is EventBot and it has been found by the security researchers’ team at Cybereason firm. The team discovered that the trojan disguises itself as a legitimate Android app and abuses Android’s accessibility features to ill-treat your data. They found out that EvenBot is using several icons to masquerade as a genuine application. It is not currently available on Play Store but it impersonates many icons like Microsoft Word and Adobe Flash to exploit data.
They further analyzed that, EventBot malware particularly targets sensitive information like banking passwords, data from financial applications. The malware can also bypass the two-factor authentication (2FA), a security process that adds an extra layer of protection to ensure the security of your online accounts. The EventBot can read SMS messages and steal them to unlock the 2FA and thus get deeper access to your accounts.
Also Read: 9 Most Deadliest Computer Viruses that Stood the Test of Time
Once you installed the EventBot, it prompts the user to give it access to accessibility services and once the permission is granted, it can act as a keylogger and can retrieve notifications about other installed applications.
As per Cybereason’s key findings, the EventBot targets users of over 200 different financial applications, including money transfer services, crypto-currency wallets. Some of these targeted applications are Paypal Business, HSBC UK, Coinbase, TransferWise, and many more. Also, these intruders target these applications across the US, Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.
The team says that EventBot is a “brand new” malware and that’s why a matter of their interest. According to what the researchers have found, the malware is currently in the early stages and has real potential to become the next big mobile malware as well. The team found that the malware is constantly improving and it has encountered different versions of the malware over time as it has rapidly evolved and each version is expanding its capability even further. In more up-to-date versions of Android, the EventBot malware even asks for permission to run in the background before deleting itself from the launcher.
The makers behind the malware are unknown and it may take some time to locate them and eradicate them completely. Meanwhile, researchers suggest users not download any untrusted apps from third-party sites or stores.
SECURITY RECOMMENDATIONS
- Use mobile threat detection solutions for enhanced security.
- Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
- Keep your mobile device up-to-date with the latest software updates from legitimate sources.
- Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
- When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
- Keep Google Play Protect on.
Also Read: The Complete difference between PayPal FnF and PayPal GnS
We love to hear from you, comment below, and share.
