• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » Malware » EventBot Android Malware Steals Banking App Credentials

EventBot Android Malware Steals Banking App Credentials

2020-04-30 by Michelle Dvorak

EventBot Android Malware

New Android Malware Targets Banking Apps, Money Transfer Services, and Cryptocurrency Wallets

The new EventBot Android Malware is stealing financial login credentials and can bypass two-factor authentication (2FA) by stealing authentication codes too. The banking trojan was discovered by Cybereason Nocturnus cyber security researchers who discovered the mobile banking trojan. The Android malware was spotted in the beginning of March of this year.

Once a device is infected the malware infected fake app runs in the background and silently steals passwords from one or more of the 200 banking and cryptocurrency apps that may be installed on the device.

The malware is circulating on Android mobile devices in theUnited States, Italy, the UK, Spain, Switzerland, France, and Germany. It can intercept and read SMS text messages used to authenticate logins to financial app login attempts.

READ MORE ABOUT MALWARE

The malware is both an info stealer and malware that heists credential from financial applications and wallets. It can also read SMS text messages to steal two-factor authentication (2FA) codes sent to the phone. The Android malware targets over 200 financial applications, including banking, money transfer services, and cryptocurrency wallets.

EventBot Malware Fake Icons - Image Credit Cyberreason

This brand-new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.” states Cybereason.

EventBot malware prompts the user to give it access to accessibility services. Like many other malware EventBot abuses a critical operating system feature, accessibility features, to gain privileges.

Targeted Apps and Services

  • Paypal Business
  • CapitalOne
  • HSBC
  • Revolut
  • Barclays
  • UniCredit
  • Santander UK
  • TransferWise
  • Coinbase
  • paysafecard
  • and over 290 more fincial apps (below)
Cyberreason Apps Stolen by EventBot
Apps Stolen by EventBot -Image Credit Cyberreason

This Android malware asks for escalated permission so it can access accessibility features and perform other functions.  Accessibility features are intended to help people with disabilities use their phones by auto-filling form fields, permissions, changing tap rates, and performing swipes or other gestures.  Permissions include access to device accessibility settings, the ability to read from external storage, to send and receive SMS  text messages. EventBot Android malware will also run in the background and restart after a system reboot.

After the user agrees, EventBot acts as a keylogger and can read notifications on other apps installed on the phone plus any open window.

How to Safeguard Against Android Malware

EventBot is not currently an app on the Google Play store.

  • Ensure that your device is updated with the latest operating system updates
  • Turn automatic updates on for operating systems and mobile apps
  • Never download apps from outside the Google Play Store
  • Don’t download another app from within a game – this is common way for hackers to infect your phone
  • Keep Google Play Protect enabled
  • Never agree to give an app more permission that it should need. EventBot prompts the user to give it access to accessibility services. For example, a game does not need access to all of your text messages or call history
  • Use a mobile antivirus app to detect and mitigate malware and protect your phone or tablet
  • If you are using an older phone, consider upgrading to a phone with facial recognition or fingerprint scans to protect banking apps

Filed Under: Malware Tagged With: Android

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version