Researchers have found an advanced new Android trojan that bypasses security standards and scrapes data from financial applications. The trojan was first identified in March. The EventBot banking trojan abuses Android’s accessibility features to collect financial information and intercept SMS messages, enabling the malware to bypass two-factor authentication.
EventBot targets more than 200 financial applications, spanning banking, money transfer, and cryptocurrency wallet services, according to Cybereason, the firm that discovered the malware. Affected applications include HSBC, Barclays, Revolut, PayPal and TransferWise, and many others are believed to be at risk.
EventBot asks the user for permission to use Android's accessibility services. This is a significant request because these services need extensive permissions in order to work, which allow an app to, for example, operate as a keylogger and run in the background.
EventBot is still under development, with its developers publishing more advanced iterations every few days. However, it is already known to show a high level of sophistication. The malware appears to have been developed from the ground up, according to security analysts at Cybereason, with “code that differs significantly from previous Android malware.”
At the moment, EventBot does not appear on the Google Play Store, indicating that its operators are distributing the malware via illegitimate application stores and rogue websites. The trojan has been observed masquerading as popular applications such as Microsoft Word and Adobe Flash Player.
EventBot requests Android permissions that include reading internal storage, reading and sending SMS messages, launching automatically after system boot, showing windows on top of other apps, and requesting to install additional packages. Some of these permissions prompt the user, even stating that the app needs to “observe text you type – includes personal data such as credit card numbers and passwords.”
Assaf Dahan, Head of Threat Research at Cybereason, said:
“By accessing and stealing this data, Eventbot has the potential to access key business data, including financial information. Mobile malware is no laughing matter and is a significant risk for organizations and consumers alike”
To reduce exposure to the new EventBot trojan, Android users are advised to download the latest software updates from reliable sources. They must also ensure that Google Play Protect stays running at all times, and think critically when granting application permissions.
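The permission combination listed above can be checked in an app's decoded `AndroidManifest.xml` (for example, as produced by apktool) before the app is allowed onto a device. The Python below is an added example, not code from Cybereason or from the original article; the manifest permission constants are this example's mapping of the capabilities the article lists, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: these constants are this example's mapping of the capabilities
# the article lists; the article itself does not name manifest constants.
RISKY = {
    "android.permission.READ_EXTERNAL_STORAGE": "read storage",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install packages",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(xml_text):
    """Report which of the listed capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    matched = sorted(RISKY[p] for p in requested if p in RISKY)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    has_a11y = any(s.get(ANDROID_NS + "permission") == ACCESSIBILITY
                   for s in root.iter("service"))
    has_sms = any(c.endswith("SMS") for c in matched)
    # Flag the combination rather than any single permission: accessibility
    # plus SMS access covers both typed credentials and one-time codes.
    return {"package": root.get("package"), "capabilities": matched,
            "accessibility_service": has_a11y,
            "needs_review": has_a11y and has_sms}


def build_sample(package, perms, a11y):
    """Construct a minimal decoded manifest for the demo (not real app data)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    svc = (f'<service android:name=".Svc" android:permission="{ACCESSIBILITY}"/>'
           if a11y else "")
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{svc}</application></manifest>')


# Constructed samples: hypothetical package names, not taken from any real app.
SUSPECT = build_sample("com.example.fakeviewer", list(RISKY), True)
BENIGN = build_sample("com.example.notes",
                      ["android.permission.READ_EXTERNAL_STORAGE"], False)

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit_manifest(sample))
```

A `needs_review` result is a prompt for manual inspection, since legitimate assistive apps also declare accessibility services.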