Security researchers analyzed a new kind of Android malware dubbed “EventBot”, designed to target over 200 different banking and finance Android applications.
According to recent research published by Cybereason, the banking malware, first discovered in March 2020, abuses Android’s accessibility features to steal financial data from installed applications. The malware is also capable of bypassing 2FA-enabled applications.
It targets financial applications, including banking, money transfer services, and cryptocurrency wallets. “Those targeted include applications like PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, Paysafecard, and many more,” Cybereason researchers found.
The full list of EventBot targeted Android applications is available here.
Though EventBot is not currently on the Google Play Store, researchers found that its four active versions (v0.0.0.1, v0.0.0.2, v0.3.0.1, and v0.4.0.1) are currently being distributed on rogue APK stores and shady websites, specifically targeting financial banking applications across the United States and Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.
“Once this malware has successfully installed, it will collect personal data, passwords, keystrokes, banking information, and more. This information can give the attacker access to personal and business bank accounts, personal and business data, and more,” the report explains.
“Cybereason believes EventBot could be the next influential mobile malware because of the time the developer has already invested into creating the code and the level of sophistication and capabilities is really high. By accessing and stealing this data, EventBot has the potential to access key business data, including financial data. Mobile malware is no laughing matter and it is a significant risk for organizations and consumers alike,” Assaf Dahan, Senior Director, Head of Threat Research, Cybereason said.
Considering the rapid rise in mobile malware-based threats and previously found malware families such as Cerberus, Xhelper and the Anubis Banking Trojan, organizations are advised to implement mobile threat detection solutions for enhanced security. Moreover, they should ensure that employee devices are up to date and that Google Play Protect and antivirus solutions are switched on, and should ask employees not to download mobile apps from unofficial or unauthorized sources.
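Because the malware relies on accessibility features and is distributed outside Google Play, one device check is to list enabled accessibility services whose package was not installed by the Play Store. The following is an added example, not code from the Cybereason report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the package names, sample outputs and function names are constructed for illustration.

```python
PLAY_INSTALLER = "com.android.vending"

# Constructed sample outputs (not taken from any real device or from the report).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.sideloaded.updater/.HelperService")
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.sideloaded.updater  installer=null
package:com.example.oem.assist  installer=null
"""

def parse_accessibility(setting):
    """Packages named in `settings get secure enabled_accessibility_services`.
    The value is a colon-separated list of package/ServiceClass components;
    "null" or an empty string means no service is enabled."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_untrusted_a11y(setting, pm_output, preinstalled=frozenset()):
    """Enabled accessibility services whose package did not come from Google
    Play and is not in the caller-supplied set of preinstalled packages."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in sorted(parse_accessibility(setting)):
        installer = installers.get(pkg)
        if installer != PLAY_INSTALLER and pkg not in preinstalled:
            flagged.append((pkg, installer))
    return flagged

if __name__ == "__main__":
    for pkg, installer in flag_untrusted_a11y(SAMPLE_A11Y, SAMPLE_PM):
        print(f"review: {pkg} (installer={installer})")
```

Preinstalled system apps also report no installer, so pass the package names from `pm list packages -s` as `preinstalled` to keep vendor accessibility services out of the results.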