New Android malware steals financial information, bypasses 2FA

Quote: A new banking Trojan can steal financial information from Android users across the United States and several European countries, including the UK, Germany, Italy, Spain, Switzerland, and France.

Dubbed EventBot by researchers at Cybereason Nocturnus who discovered it in March 2020, the malware is a mobile banking trojan and infostealer designed to abuse the Android operating system's accessibility features to steal sensitive financial data.

"EventBot targets users of over 200 different financial applications, including banking, money transfer services, and crypto-currency wallets," the Cybereason Nocturnus researchers found.


"Those targeted include applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, paysafecard, and many more." — the full list of targeted Android apps is available here.

At the moment, the malware is not being distributed via the Google Play Store, with its creators most likely using shady APK hosting websites and rogue APK marketplaces for distribution to potential victims' devices.


Quote: Permissions for everything

Once the targets download EventBot on their devices and start the installation process, the malware will ask to be granted a large set of permissions including the capability to run in the background, to ignore battery optimizations, and to prevent the processor from sleeping or the device from dimming the screen.

EventBot also asks to get access to Android's accessibility services, which allows it to "operate as a keylogger and can retrieve notifications about other installed applications and content of open windows" once the permissions are granted.

The banking trojan also asks for permission to launch itself after system boot as a simple way to gain persistence on infected devices and run in the background as a service.

Reply
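For defenders triaging a sideloaded APK, the permission combination described in the quoted article can be checked statically. This is an added example, not part of the original post or of the Cybereason research: it assumes a manifest already decoded to text XML, and the mapping from the article's wording to Android permission names, the `triage` and `is_suspicious` helpers and the threshold are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours named in the article -> manifest permission (mapping is an assumption).
BEHAVIOURS = {
    "run in background": P + "REQUEST_COMPANION_RUN_IN_BACKGROUND",
    "ignore battery optimizations": P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "keep CPU/screen awake": P + "WAKE_LOCK",
    "start after boot": P + "RECEIVE_BOOT_COMPLETED",
}

def triage(manifest_xml):
    """Return the sorted list of article behaviours a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = {label for label, perm in BEHAVIOURS.items() if perm in requested}
    # Accessibility access is declared on a <service>, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE":
            hits.add("accessibility service")
    return sorted(hits)

def is_suspicious(manifest_xml, threshold=4):
    """Flag only when accessibility is combined with most persistence traits."""
    hits = triage(manifest_xml)
    return "accessibility service" in hits and len(hits) >= threshold

# Constructed sample manifests (not taken from any real app).
SAMPLE_FLAGGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.REQUEST_COMPANION_RUN_IN_BACKGROUND"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.alarm">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, triage(xml), is_suspicious(xml))
```

Legitimate accessibility tools also bind an accessibility service, so a hit is a reason to look closer at the app's source and behaviour rather than a verdict.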