Malware targets Financial applications through Android Devices

Researchers at Cybereason Inc. have come across a new form of malware that steals user data from financial applications. The malware is named “EventBot”. It emerged in March 2020 and has been described as a mobile banking trojan and information stealer. It can read users' text messages, which allows hackers to bypass two-factor verification.

It is said to target users of more than 200 different financial apps, including money services, banking and cryptocurrency apps. Some of its targets are PayPal, HSBC, paysafecard, Revolut and Coinbase.

The malware pretends to be a legitimate application and requests access to Android's accessibility service, along with permission to read from external storage, send and receive SMS messages, and launch itself at boot time. These permissions let EventBot operate as a keylogger. Once granted access, it sits in the background, logging every keypress and reading SMS messages on the infected user's device.
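The permission combination described above can be checked for when triaging an app. The following is an added example, not code from Cybereason or from the original article: it assumes the manifest has already been decoded to plain XML, and the sample manifests and package names are constructed. Legitimate apps can request any of these permissions, so a match is a triage signal, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Capabilities named in the article, mapped to Android permission names.
GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "boot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE"},
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(manifest_xml):
    """Return the sorted capability groups a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {el.get(ANDROID + "name") for el in root.iter(tag)}
    found = {name for name, perms in GROUPS.items() if requested & perms}
    # Accessibility services are <service> entries guarded by this permission.
    if any(s.get(ANDROID + "permission") == ACCESSIBILITY for s in root.iter("service")):
        found.add("accessibility")
    return sorted(found)

def is_high_risk(manifest_xml):
    """True only when all four capabilities appear together."""
    return len(audit_manifest(manifest_xml)) == len(GROUPS) + 1

def _manifest(perms, service_perm=None):
    # Builds a constructed sample manifest; package and class names are made up.
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    svc = f'<service android:name=".Svc" android:permission="{service_perm}"/>' if service_perm else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{uses}<application>{svc}</application></manifest>')

SAMPLE_SUSPICIOUS = _manifest(
    ["android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
     "android.permission.READ_EXTERNAL_STORAGE",
     "android.permission.RECEIVE_BOOT_COMPLETED"], ACCESSIBILITY)
SAMPLE_BENIGN = _manifest(["android.permission.RECEIVE_BOOT_COMPLETED"])

if __name__ == "__main__":
    for label, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, audit_manifest(doc), "HIGH RISK" if is_high_risk(doc) else "ok")
```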

It can also exploit Android's accessibility service to grab the lock screen PIN, and it is able to encrypt all the data and send it to the attacker's server. Because the malware's behavior is under constant change, it has the potential to be a huge threat to Android users. An attacker gaining access to a mobile phone has severe consequences for the user and the company they work for, especially where infected users discuss sensitive business topics or access company financial documents.

To avoid falling victim to this malware, users should download apps from the official Google Play store rather than from untrusted third-party websites. Keeping all software up to date and turning on Google Play Protect can also go a long way towards protecting devices from these types of malware.
