Eventbot: Android Malware that Puts Financial Apps at Risk

“…This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”
–Cybereason researchers
Mobile banking is now more important than ever since we can no longer leave our home at our leisure. Banks are open but there’s still the hassle of explaining yourself at random checkpoints if you’re still doing things manually, so it’s a good idea to have and learn how to use your banks’ respective mobile banking apps on your phone.
In case you already have and use them, you need to be wary of a new Android malware (if you’re using Android) going around that threatens to steal your banking passwords, private data and keystrokes. If you’re using two-factor authentication that makes use of SMS messages from your banks, tough luck because this malware can also read your SMS messages and hijack those authentication codes.
This new malware, dubbed Eventbot, was discovered by Cybereason, the makers of Cybereason RansomFree (something that should be installed on your desktop). Eventbot can monitor over 200 financial apps. This includes banking apps from HSBC, cryptocurrency wallets such as Coinbase and payment apps like PayPal and TransferWise.
Eventbot is embedded in Android apps posing as legitimate applications (which are quite prevalent when it comes to Android) that are available in rogue app stores (not Google Play Store).
These apps request extensive permissions when installed, and casual users often dismiss those prompts without reading them. Rogue app stores are often available for cheaper Android devices that are not licensed by Google or for users in the market for shady apps.
Once installed, Eventbot scans notifications from various apps, notably financial apps, and the contents of open windows, which can give it access to PINs and other private data. It also intercepts SMS messages and parses them for two-factor authentication codes.
Eventbot-infected apps may not be present in the Google Play Store, but it pays to be sure of the apps you download and to check which publisher each one comes from. Users intending to use their devices for financial management should also make a point of staying away from rogue app stores and avoid side-loading pirated APKs of legitimate apps. It’s also very important to keep devices and apps updated in order to patch vulnerabilities exploited by malware.
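One way to check an app's install-time permissions before trusting it, as an added example that is not from the original article or from Cybereason: a Python review of a decoded AndroidManifest.xml (for instance one produced by apktool) that reports which of the behaviours described above the app could perform. The mapping from those behaviours to Android permissions and the two constructed manifests with their package names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Android permissions that gate the behaviours the article describes.
# Assumption of this example: the article does not list Eventbot's permissions.
CAPABILITIES = {
    "android.permission.RECEIVE_SMS": "read incoming SMS",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "read notifications",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "read window contents",
}
SMS = {"read incoming SMS", "read stored SMS"}
SCREEN = {"read notifications", "read window contents"}

def capabilities(manifest_xml):
    """Return the sensitive capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    # Permissions the app asks the user or system to grant.
    for el in root.iter("uses-permission"):
        declared.add(el.get(ANDROID + "name"))
    # Services the app exposes for the system to bind (accessibility, notifications).
    for el in root.iter("service"):
        declared.add(el.get(ANDROID + "permission"))
    return {CAPABILITIES[p] for p in declared if p in CAPABILITIES}

def review(manifest_xml):
    """Flag apps that can read SMS and also observe other apps' screens or notifications."""
    caps = capabilities(manifest_xml)
    return sorted(caps), bool(caps & SMS) and bool(caps & SCREEN)

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample: a sideloaded "updater" asking for far more than it needs.
SUSPECT = f"""<manifest {NS} package="com.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Watcher" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notes" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
# Constructed sample: an app that only needs network access.
BENIGN = f"""<manifest {NS} package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, review(manifest))
```

A flagged combination is a reason to look harder at the publisher and the download source, not proof of infection: legitimate accessibility tools and SMS apps declare some of these permissions too.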