
New Android Malware Targets Banking Apps, Money Transfer Services, and Cryptocurrency Wallets
The new EventBot Android malware steals financial login credentials and can bypass two-factor authentication (2FA) by stealing authentication codes too. The mobile banking trojan was discovered by Cybereason Nocturnus cyber security researchers. The Android malware was spotted in the beginning of March of this year.
Once a device is infected, the malware-laden fake app runs in the background and silently steals passwords from one or more of the 200 banking and cryptocurrency apps that may be installed on the device.
The malware is circulating on Android mobile devices in the United States, Italy, the UK, Spain, Switzerland, France, and Germany. It can intercept and read the SMS text messages used to authenticate logins to financial apps.
The malware is both an info stealer and a credential thief that targets financial applications and wallets. It can also read SMS text messages to steal two-factor authentication (2FA) codes sent to the phone. The Android malware targets over 200 financial applications, including banking, money transfer services, and cryptocurrency wallets.

“This brand-new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications,” states Cybereason.
EventBot prompts the user to give it access to accessibility services. Like many other malware families, EventBot abuses a critical operating system feature, the accessibility features, to gain privileges.
Targeted Apps and Services
- Paypal Business
- CapitalOne
- HSBC
- Revolut
- Barclays
- UniCredit
- Santander UK
- TransferWise
- Coinbase
- paysafecard
- and over 290 more financial apps (below)

This Android malware asks for escalated permissions so it can access accessibility features and perform other functions. Accessibility features are intended to help people with disabilities use their phones by auto-filling form fields, permissions, changing tap rates, and performing swipes or other gestures. The requested permissions include access to device accessibility settings, the ability to read from external storage, and the ability to send and receive SMS text messages. EventBot will also run in the background and restart after a system reboot.
After the user agrees, EventBot acts as a keylogger and can read notifications from other apps installed on the phone, plus any open window.
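As an added example (not from the original article or from Cybereason's report), the following Python check reads a decoded AndroidManifest.xml and flags an app that declares an accessibility service and also asks for SMS access, the combination described above. The mapping from the article's wording to Android permission names is an assumption, and the sample manifest and its package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the article's description to Android permission names.
RISKY = {
    P + "RECEIVE_SMS": "receive SMS (2FA codes)",
    P + "READ_SMS": "read SMS",
    P + "SEND_SMS": "send SMS",
    P + "READ_EXTERNAL_STORAGE": "read external storage",
    P + "RECEIVE_BOOT_COMPLETED": "restart after reboot",
}

# Constructed sample manifest (hypothetical package), not from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdater">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (package, findings, flagged) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = sorted(RISKY[p] for p in requested if p in RISKY)
    # An accessibility service is declared on a <service> element, not via uses-permission.
    has_a11y = any(
        s.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    if has_a11y:
        findings.insert(0, "declares an accessibility service")
    sms = any(p in requested for p in (P + "RECEIVE_SMS", P + "READ_SMS"))
    # Flag only the combination the article describes: accessibility plus SMS access.
    return root.get("package"), findings, has_a11y and sms

if __name__ == "__main__":
    pkg, findings, flagged = audit_manifest(SAMPLE_MANIFEST)
    print(pkg, "FLAG" if flagged else "ok")
    for f in findings:
        print("  -", f)
```

Legitimate accessibility tools also declare an accessibility service, so a flag here is a reason to look closer at the app, not a verdict.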
How to Safeguard Against Android Malware
EventBot is not currently an app on the Google Play store.
- Ensure that your device is updated with the latest operating system updates
- Turn automatic updates on for operating systems and mobile apps
- Never download apps from outside the Google Play Store
- Don’t download another app from within a game – this is a common way for hackers to infect your phone
- Keep Google Play Protect enabled
- Never agree to give an app more permissions than it should need. EventBot prompts the user to give it access to accessibility services. For example, a game does not need access to all of your text messages or call history
- Use a mobile antivirus app to detect and mitigate malware and protect your phone or tablet
- If you are using an older phone, consider upgrading to a phone with facial recognition or fingerprint scans to protect banking apps