
EventBot Android malware invades banking apps and bypasses 2FA

EventBot Android malware breaks banking apps, cryptocurrency wallets, and copies 2FA codes

New Android malware puts all Android users at risk, as it invades devices without the user noticing. What’s worse, the threat can access confidential applications and even bypass two-factor authentication.

A team of researchers from security firm Cybereason warns all Android users to be more vigilant about malware in disguise. EventBot is the newest member of the malware family, yet its ability to access and break into a user’s device is that of a pro.

How EventBot operates

EventBot disguises itself as a legitimate Android app, mimicking Microsoft Word or Adobe Flash for Android.

The unsuspecting victim downloads and installs the app. EventBot then takes advantage of the Android device’s accessibility features.

EventBot abuses Android’s accessibility feature to access valuable user information, system information, and data stored in other applications. In particular, EventBot can intercept SMS messages and bypass two-factor authentication mechanisms.

EventBot targets users of over 200 different financial applications, including banking, money transfer services, and cryptocurrency wallets. Among them are PayPal, Coinbase, Barclays, HSBC, Santander, Starling, Lloyds, Mondo, Revolut, TSB, Tesco and Bank of Scotland, and many more.

In the Cybereason report, the researchers describe how they tracked a succession of submissions, seeing “features” added as the coders improve EventBot’s capabilities.

EventBot asks the user for permission to use accessibility services. This is a powerful feature, since these services require extensive permissions in order to work, including acting as a keylogger, for example, and running in the background.

EventBot also requires Android permissions including reading internal storage, reading and sending SMS messages, launching automatically after system boot, showing windows on top of other apps, and requesting to install additional packages.

Some of these permissions prompt the user, even stating that the app needs to “observe text you type – includes personal data such as credit card numbers and passwords.”
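The permission combination described above can be checked for when vetting an app. The following is an added example, not code from Cybereason or from this article: it reads an AndroidManifest.xml that has already been decoded to text XML and flags apps that declare an accessibility service together with SMS read access. The mapping from the article's wording to Android permission names, the two-capability scoring rule, the function names and the sample manifests are all assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Article wording -> Android permission name (this mapping is the example's assumption).
WATCHED = {
    P + "READ_EXTERNAL_STORAGE": "read storage",
    P + "READ_SMS": "read SMS",
    P + "RECEIVE_SMS": "receive SMS",
    P + "SEND_SMS": "send SMS",
    P + "RECEIVE_BOOT_COMPLETED": "start after boot",
    P + "SYSTEM_ALERT_WINDOW": "draw over other apps",
    P + "REQUEST_INSTALL_PACKAGES": "install packages",
}
SMS_READ = {P + "READ_SMS", P + "RECEIVE_SMS"}

def triage_manifest(xml_text):
    """Return (verdict, matched behaviours, accessibility service names)."""
    if "<!DOCTYPE" in xml_text:  # untrusted input: refuse DTDs and entity tricks
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(NS + "name") for e in root.iter(tag)}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(NS + "name") for s in root.iter("service")
            if s.get(NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"]
    hits = sorted(WATCHED[p] for p in requested if p in WATCHED)
    # Count the two capabilities that together expose on-screen input and SMS codes.
    score = bool(a11y) + bool(requested & SMS_READ)
    return ("low", "review", "high")[score], hits, a11y

def _manifest(perms, service=""):  # builds constructed sample input
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application>{service}</application></manifest>')

A11Y_SVC = f'<service android:name=".ReaderService" android:permission="{P}BIND_ACCESSIBILITY_SERVICE"/>'
# Constructed samples, not taken from any real app.
FAKE_VIEWER = _manifest(["READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_BOOT_COMPLETED",
                         "SYSTEM_ALERT_WINDOW", "REQUEST_INSTALL_PACKAGES",
                         "READ_EXTERNAL_STORAGE"], A11Y_SVC)
SMS_ONLY = _manifest(["READ_SMS", "SEND_SMS"])
PLAIN = _manifest(["INTERNET"])

if __name__ == "__main__":
    for name, m in (("fake viewer", FAKE_VIEWER), ("sms only", SMS_ONLY), ("plain", PLAIN)):
        print(name, triage_manifest(m))
```

A "review" verdict is expected for legitimate SMS or accessibility apps; the "high" verdict marks the pairing that a document viewer or media player has no reason to request.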

Cybereason said that one-third of all malware now targets mobile endpoints, and that 60 per cent of devices accessing enterprise data are mobile. In mitigation, though, both Android and iOS are designed with stricter permissions than desktop PCs, and protected by the fact that most applications are installed via a curated store.
