Android Trojan EventBot Targets 200+ Financial Apps

Security researchers have warned of a new Android-based banking Trojan that works across 200 financial applications popular in Europe and the US.

First discovered in March, the EventBot malware abuses Android’s accessibility features to steal financial data, bypass two-factor authentication and read and steal SMS messages.

Among the banking and cryptocurrency exchange apps targeted by EventBot are PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and paysafecard.

This represents a serious risk to organizations, according to Cybereason Nocturnus.

“Once this malware has successfully installed, it will collect personal data, passwords, keystrokes, banking information and more. This information can give the attacker access to personal and business bank accounts, personal and business data, and more,” the firm explained.

“Letting an attacker get access to this kind of data can have severe consequences; 60% of devices containing or accessing enterprise data are mobile. Giving an attacker access to a mobile device can have severe business consequences, especially if the end user is using their mobile device to discuss sensitive business topics or access enterprise financial information. This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”

Although it’s unclear who’s behind the malware, IT security teams have been urged to keep an eye on EventBot as it continues to evolve rapidly.

“This malware appears to be newly developed with code that differs significantly from previously known Android malware,” said Cybereason. “EventBot is under active development and is evolving rapidly; new versions are released every few days with improvements and new capabilities.”

Businesses are advised to ensure employee devices are up to date, that Google Play Protect and third-party AV are installed and switched on, and that users are prevented from downloading apps from unofficial stores.

Users should also think twice about granting requested permissions from apps, and if unsure about an application, should check the APK signature and hash in sources like VirusTotal before installing it, Cybereason said.
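As an added illustration of the pre-install check Cybereason recommends (this is not code from the article or from Cybereason), the Python sketch below computes the SHA-256 an analyst would search for on VirusTotal and reports which signature material an APK file carries. It does not validate the signature cryptographically; the function names and the sample ZIP are constructed for this example.

```python
import hashlib
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block (scheme v2+)
EOCD_SIG = b"PK\x05\x06"             # ZIP End of Central Directory record


def has_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block sits directly before the ZIP central directory."""
    eocd = data.rfind(EOCD_SIG)  # simplification: assumes the ZIP comment holds no EOCD bytes
    if eocd < 0 or eocd + 22 > len(data):
        return False
    (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
    if cd_offset < 32 or cd_offset > eocd or data[cd_offset - 16:cd_offset] != APK_SIG_MAGIC:
        return False
    # The block size is stored twice (header and footer); both copies must agree.
    (size_footer,) = struct.unpack_from("<Q", data, cd_offset - 24)
    start = cd_offset - size_footer - 8
    if size_footer < 24 or start < 0:
        return False
    (size_header,) = struct.unpack_from("<Q", data, start)
    return size_header == size_footer


def summarize_apk(data: bytes) -> dict:
    """Return the SHA-256 to look up, plus which signature material is present."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    v1_files = sorted(
        n for n in names
        if n.upper().startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
    )
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "v1_signature_files": v1_files,
        "has_signing_block": has_signing_block(data),
    }


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with a JAR-style (v1) signature entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed sample, not real bytecode")
        zf.writestr("META-INF/CERT.RSA", b"constructed placeholder")
    return buf.getvalue()
```

A file with neither signature files nor a signing block is unsigned and should not be installed; for one that has them, the Android SDK's `apksigner verify --print-certs` performs the actual validation and shows the signer certificate to compare against the publisher's.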
