UPDATED 23:24 EST / APRIL 30 2020


New Android EventBot malware steals data from financial applications

A new form of Android mobile malware has been spotted in the wild that steals user data from financial applications.

Dubbed “EventBot” by security researchers at Cybereason Inc. who wrote about it today, the new malware first emerged in March and is described as a mobile banking Trojan and infostealer. The malware abuses Android’s accessibility to steal user data from financial applications, reads user SMS text messages and steals them to allow the malware to bypass two-factor authentication.

EventBot is said to target users of more than 200 different financial applications, including banking, money services and cryptocurrency wallets. A few of its targets include Paypal Inc. Business, Revolut Inc., Barclays plc, UniCredit S.p.A, CapitalOne Financial Corp. U.K., HSBC Holding plc U.K., Banco Santander S.A. U.K., TransferWise Ltd., Coinbase Inc. and paysafecard.

The malware is distributed through malicious Android apps that pretend to be legitimate. On installation, EventBot requests access to Android’s accessibility services, which allows it to operate as a keylogger. Once those permissions are granted, the malware sits in the background and logs every key press made by the infected user.

“This brand-new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications,” the researchers noted.

Advice to avoid infection by EventBot includes making sure Android devices are updated with the latest software and not downloading mobile apps from unofficial or unauthorized sources.

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that the Android malware attacks are increasing their level of sophistication.

“Consumers want to make sure they’re installing software from reputable sources, like the Google Play Store, and not from websites unless they completely trust them,” he said. ‘Based on the current Android operating system configurations, it is advisable to install an anti-malware program to reduce the risk of malware installation. While it might not detect unknown malware, the known signatures can prevent any known attacks.”

Image: Cybereason

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy