New Android Trojan Detected - Steals Banking Passwords, Private Data and Keystrokes
A new mobile trojan has been discovered that abuses Android's accessibility features to steal user data from banking applications and read users' SMS messages, allowing the malware to bypass two-factor authentication.
Researchers have discovered a sophisticated new Android trojan that bypasses security measures and scrapes information from financial applications.
First identified in March, the EventBot banking trojan abuses Android's accessibility features to harvest financial information and intercept SMS messages, allowing the malware to bypass two-factor authentication.
According to Cybereason, the firm responsible for the discovery, EventBot targets over 200 financial applications, spanning banking, money transfer and cryptocurrency wallet services.
Affected applications include those operated by major players like HSBC, Barclays, Revolut, Paypal and TransferWise, but many more are thought to be at risk.
Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and cryptocurrency wallets like Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.
"EventBot is especially fascinating because it is in such early stages," the researchers said. "This latest malware has real potential to become the next massive mobile malware, because it is under constant unvarying enhancements, abuses an important software package feature, and targets money applications."
The campaign, first identified in March 2020, masks its malicious intent by posing as legitimate applications (e.g., Adobe Flash, Microsoft Word) on rogue APK stores and other shady websites. Once installed, the app requests extensive permissions on the device.
The permissions include access to accessibility settings and the ability to read from external storage, send and receive SMS messages, run in the background, and launch itself after system boot.
If a user grants access, EventBot operates as a keylogger and can "retrieve notifications concerning different installed applications and content of open windows," in addition to exploiting Android's accessibility services to grab the lockscreen PIN and transmit all the collected information in an encrypted format to an attacker-controlled server.
The ability to parse SMS messages also makes the banking trojan a useful tool for bypassing SMS-based two-factor authentication, giving the adversaries quick access to a victim's cryptocurrency wallets and the ability to steal funds from bank accounts.
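For defenders triaging sideloaded apps, the permission combination described above can be checked in a decoded `AndroidManifest.xml`. The following is an added example, not code from Cybereason or the original article; it assumes the manifest has already been decoded to text XML (for example with apktool), and the review rule and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Permission groups named in the article, mapped to Android's permission strings.
GROUPS = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "external_storage": {P + "READ_EXTERNAL_STORAGE"},
    "start_on_boot": {P + "RECEIVE_BOOT_COMPLETED"},
}

def audit_manifest(manifest_xml):
    """Return {group: [matches]} for the risky capabilities an app declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = {g: sorted(perms & requested) for g, perms in GROUPS.items()}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    found["accessibility_service"] = sorted(
        s.get(ANDROID + "name", "?") for s in root.iter("service")
        if s.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE")
    return {g: hits for g, hits in found.items() if hits}

def needs_review(found):
    # Assumed triage rule: an accessibility service plus SMS access in one app.
    return "accessibility_service" in found and "sms" in found

# Constructed sample manifests (not taken from any real app).
FAKE_UPDATER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SMS_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("fake updater", FAKE_UPDATER), ("sms app", SMS_APP)):
        found = audit_manifest(text)
        print(label, "REVIEW" if needs_review(found) else "ok", found)
```

When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as `defusedxml` instead of the standard library parser used here.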
This is not the first time mobile malware has targeted financial services. Last month, IBM X-Force researchers detailed a new TrickBot campaign, known as TrickMo, that was found exclusively targeting German users with malware that exploited accessibility features to intercept one-time password (OTP), mobile TAN (mTAN), and pushTAN authentication codes.
"Giving an attacker access to a mobile device can have severe business consequences, particularly if the end-user is using their mobile device to discuss sensitive business topics or access enterprise financial data," Cybereason researchers concluded. "This may result in whole degradation, loss of individual name, or loss of client trust."
EventBot's family of malicious apps might not be active on the Google Play Store, but it is yet another reminder of why users should stick to official app stores and avoid sideloading apps from untrusted sources. Keeping the software up to date and turning on Google Play Protect can also go a long way towards protecting devices from malware.