Connect with us

Hacker News Malware

Eventbot: Android Malware that Puts Financial Apps at Risk

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Eventbot: Android Malware that Puts Financial Apps at Risk

Published

4 years ago

on

Eventbot Android Malware that Puts Financial Apps at Risk

 

“…This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”

–Cybereason researchers

 

Mobile banking is now more important than ever since we can no longer leave our home at our leisure. Banks are open but there’s still the hassle of explaining yourself at random checkpoints if you’re still doing things manually, so it’s a good idea to have and learn how to use your banks’ respective mobile banking apps on your phone.

 

In case you already have and use them, you need to be wary of a new Android malware (if you’re using Android) going around that threatens to steal your banking passwords, private data and keystrokes. If you’re using two-factor authentication that makes use of SMS messages from your banks, tough luck because this malware can also read your SMS messages and hijack those authentication codes.

 

This new malware dubbed Eventbot was discovered by Cybereason, the makers of Cybereason Ransomfree (something that should be installed on your desktop). Eventbot can monitor over 200 financial apps. This includes banking apps from HSBC, crypto-currency wallets such as Coinbase and payment apps like Paypal and Transferwise.

 

Eventbot is embedded in Android apps posing as legitimate applications (which are quite prevalent when it comes to Android) that are available in rogue app stores (not Google Play Store).

These apps request for extensive permissions when installed, which are often dismissed by casual users. Rogue app stores are often available for cheaper Android devices that are not licensed by Google or for users in the market for shady apps.

 

Once installed, Eventbot scans for notifications from various apps, notably financial apps and scans for the contents of open windows, thus gaining access to possibly PINs and other private data as well as intercept SMS messages and parse for two-factor authentication codes.

 

Eventbot infected apps may not be present in the Google Play Store but it pays to be sure of the downloaded apps and making sure which publisher it comes from. Users intending to use their devices for financial management should also make a point to stay away from rogue app stores and avoid side-loading of pirated APKs of legitimate apps. It’s also very important to keep the devices and apps updated in order to patch vulnerabilities exploited by malware.

 

Related Topics:
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *