In a recent study, Cybereason pointed out a new malware that has been affecting the financial application world. In their blog, they wrote about the malware, called EventBot, which steals user data from financial apps.
The major apps targeted include PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, and Paysafecard, among others. EventBot has affected countries including the United States, Italy, the UK, Spain, Switzerland, France, and Germany.
The malware reads the user's SMS messages, which lets it get past two-factor authentication. That is, EventBot can read your messages and supply itself with the OTP, and in turn transact from your bank accounts. The trojan gives hackers a window into what is happening on the victim's phone. After a while, the hackers obtain banking and cryptocurrency app passwords from the user's key presses.
The trojan is still in its early stages, but it has the potential to become big. Its developers are continuously developing it and abusing OS features.
EventBot keeps away from the eyes of Google
One of its interesting features is that it keeps away from the eyes of Google. How? If the apps think that Google is testing them, the servers will not trigger the payload.
The report said:
Though EventBot is not currently on the Google Play Store, we were able to find several icons EventBot is using to masquerade as a legitimate application. We believe that, when it is officially released, it will most likely be uploaded to rogue APK stores and other shady websites, while masquerading as real applications.
Cybereason said it has not yet seen EventBot on Android’s app store or in active use in malware campaigns. Thus, it has limited exposure to potential victims, for now. But the researchers said users should avoid untrusted apps from third-party sites and stores. Many of these don’t screen their apps for malware, so people should avoid such downloads.