Android Trojan EventBot Targets 200+ Financial Apps

Security researchers have warned of a new Android-based banking Trojan that works across 200 financial applications popular in Europe and the US.

First discovered in March, the EventBot malware abuses Android’s accessibility features to steal financial data, bypass two-factor authentication and read and steal SMS messages.

Among the banking and cryptocurrency exchange apps targeted by EventBot are Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and paysafecard.

This represents a serious risk to organizations, according to Cybereason Nocturnus.

“Once this malware has successfully installed, it will collect personal data, passwords, keystrokes, banking information and more. This information can give the attacker access to personal and business bank accounts, personal and business data, and more,” the firm explained.

“Letting an attacker get access to this kind of data can have severe consequences; 60% of devices containing or accessing enterprise data are mobile. Giving an attacker access to a mobile device can have severe business consequences, especially if the end user is using their mobile device to discuss sensitive business topics or access enterprise financial information. This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”

Although it’s unclear who’s behind the malware, IT security teams have been urged to keep an eye on EventBot as it continues to evolve rapidly.

“This malware appears to be newly developed with code that differs significantly from previously known Android malware,” said Cybereason. “EventBot is under active development and is evolving rapidly; new versions are released every few days with improvements and new capabilities.”

Businesses are advised to ensure employee devices are up-to-date, with Google Play Protect and third-party AV installed/switched on, and that users are prevented from downloading apps from unofficial stores.

Users should also think twice about granting requested permissions from apps, and if unsure about an application, should check the APK signature and hash in sources like VirusTotal before installing it, Cybereason said.

What’s Hot on Infosecurity Magazine?