EventBot: A new Android malware that steals banking information, SMS and two-factor authentication

A new Android malware called – EventBot has been recently discovered by Cybereason security firm. It’s a mobile banking trojan and info stealer that abuses Android’s accessibility features to steal user data from financial applications.

Once installed, EventBot will collect personal data, passwords, keystrokes, banking information, and more. This information can give the attacker access to personal and business bank accounts, personal and business data, and more.

The Cybereason Nocturnus team has found that the EventBot is designed to target over 200 different financial apps including banking, transfer, and crypto-currency wallets such as – Paypal Business and other bank-related apps.

The majority of the target apps come from the U.S. and Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.

How it comes to Android devices:

• The EventBot malware is not on Play Store and comes as third party apps with icons the same as Adobe Flash, Microsoft Word, and more.
• After being installed, the app asks for app permission and obtains the device’s crucial information in stages to reach the required user data.

Threat level:

EventBot is currently in its early stages of development but it has the potential to become a big mobile malware because it’s still being improved by its developers.

Precautions:

• Keep your mobile device up-to-date with the official software updates.
• Keep Google Play Protect on.
• Do not download apps from unofficial or unauthorized sources.
• Do not give permission to the suspicious apps.
• When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
• Use mobile threat detection solutions for enhanced security.