A new Android-based banking Trojan has been discovered that works across more than 200 financial applications. It abuses Android’s accessibility features to steal financial data, bypass two-factor authentication and read and steal SMS messages.
Some of the banking and cryptocurrency exchange apps targeted by EventBot are PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and paysafecard.
According to the Cybereason Nocturnus team, which investigated EventBot, the malware is certain to pose a serious risk to companies. Once it is successfully installed, it collects personal data, passwords, keystrokes, banking information, etc. Using this information, an attacker can gain access to personal and business bank accounts, personal and business data, and much more.
Most people use mobile devices to access enterprise data, and allowing an attacker to get hold of this data can have serious business consequences. If sensitive business topics are discussed or enterprise financial information is accessed on mobile devices, a compromise can lead to brand degradation, loss of individual reputation, or loss of consumer trust.
The developers behind the malware are not known at present, and security teams are inspecting EventBot as it continues to evolve rapidly.
Cybereason states that this malware seems to be newly developed and the code is significantly different from previously known Android malware. New versions of EventBot are released every few days with improvements and new capabilities.
Organizations are advised to make sure that their employees' devices are up to date, with Google Play Protect and third-party AV installed. Users must also not be allowed to download apps from unofficial stores.
Additionally, users must think twice before granting the permissions that apps request. If you are not sure about an application, check the APK signature and hash against sources like VirusTotal before installing it.
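One way to collect the values mentioned above before installing an APK, as an added example that is not from Cybereason or the original article: it computes the file's SHA-256 for a VirusTotal lookup and reports whether the APK carries a v1 (JAR-style) signature file or an APK Signing Block. The function names and the in-memory sample are constructed for illustration, and the check reports signature presence only; it does not verify the signature cryptographically.

```python
import hashlib
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"    # trailer of the APK Signing Block (v2+ schemes)
V1_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR-style (v1) signature files in META-INF/


def has_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block sits directly before the ZIP central directory."""
    eocd = data.rfind(b"PK\x05\x06")   # End of Central Directory record
    if eocd < 0 or eocd + 22 > len(data):
        return False
    (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
    return cd_offset >= 16 and data[cd_offset - 16:cd_offset] == APK_SIG_MAGIC


def triage_apk(data: bytes) -> dict:
    """Collect what to check before installing: file hash and signature presence."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        v1 = sorted(n for n in apk.namelist()
                    if n.startswith("META-INF/") and n.upper().endswith(V1_SUFFIXES))
    block = has_signing_block(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # value to look up on VirusTotal
        "v1_signature_files": v1,
        "v2_signing_block": block,
        "unsigned": not v1 and not block,            # no signature of any scheme found
    }


def constructed_sample(signed: bool) -> bytes:
    """Build a tiny stand-in APK in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        if signed:
            z.writestr("META-INF/CERT.RSA", b"placeholder signature block")
    return buf.getvalue()


if __name__ == "__main__":
    for label, signed in (("signed", True), ("unsigned", False)):
        print(label, triage_apk(constructed_sample(signed)))
```

For a real file, pass `open(path, "rb").read()` to `triage_apk`; to validate the signature itself and see the signing certificate, use the Android SDK's `apksigner verify --print-certs`.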