EventBot, the latest Android malware, steals banking passwords and two-factor codes
A newly discovered Android malware targets banking applications and cryptocurrency wallets.
The recently discovered malware, which security researchers at Cybereason have named EventBot, masquerades as a legitimate Android app, such as Adobe Flash or Microsoft Word for Android, and abuses Android's built-in accessibility features to gain deep control of the system.
Once installed, whether by an unsuspecting user or by a malicious individual with access to a victim's device, EventBot collects passwords for over 200 banking and cryptocurrency apps, such as PayPal, Coinbase, CapitalOne and HSBC, and intercepts two-factor authentication codes sent by text message.
With the victim's password and two-factor code, the intruder can break into bank accounts, devices and wallets and steal the victim's funds.
The malware logs every tap and key press and can read messages from other installed apps, giving the hackers a view of what is happening on the device.
The malware then gradually siphons the credentials for financial and cryptocurrency apps off to the hackers' servers.
EventBot remains a work in progress, the researchers said. In the weeks since they found it in March, the researchers have seen the malware updated every few days with new malicious functionality.
At one point, the malware's developers strengthened the encryption scheme it uses to communicate with the hackers' server and added a new feature that can obtain the lock code of a user's device, which lets the malware grant itself greater rights on the victim's device, such as making purchases and changing programs.
Malware is not new to Android, but it is on the rise. iPhone consumers are constantly being attacked by hackers and malware operators, as many smartphone owners keep banking applications, social networking and other sensitive resources on their smartphones. In recent years, Google has improved Android security by screening apps in its app store and blocking third-party apps to reduce malware, with mixed results. Many harmful apps have evaded detection by Google.
Cybereason also stated that it has not yet seen EventBot in the Android app store or used in ransomware operations, which limits possible victims' exposure, for now.