EventBot, the newest Android malware breaks in banking apps, cryptocurrency wallets, and copies two-factor authentication codes.
The newest Android malware puts all Android users at risk as it invades devices without the user noticing it. What’s worse is that the said threat has the capability to access confidential applications and even bypass the two-factor authentication.
A team of researchers from Cybereason, a security firm warned all Android users to be more vigilant of the malware in disguise. event is the newest member of the malware family, yet its ability to access and break in a user’s device is that of a pro.
How EventBot operates
EvenBot disguises itself as a legitimate Android app. It comes mimicking the form of Microsoft Word or Adobe Flash for Android.
The unsuspecting victim downloads and installs the app. EventBot then takes advantage of the Android device’s accessibility features.
Successful to enter the deep access to an Android phone, EventBot then taps into passwords and important details. The newest Android malware can copy and access passwords of up to 200 banking, cryptocurrency, and payment apps.
PayPal, Coinbase, CapitalOne, and HSBC are just some of the financial applications susceptible to Eventbot attack. At this point, even the two-factor authentication cannot protect the Android user’s device as the threat can even copy the code.
It can even continue to do surveillance on the user’s online activities by recording every tap and keypress. EventBot then sends back all the banking, payment, and cryptocurrency data to its hacker’s server.
What tech experts have to say
Experts described EventBot as Android malware with a really high level of sophistication. Assaf Dahan, head of threat research at Cybereason believed that this threat has great capabilities.
In an interview, Dahan expressed his belief that the developer behind the threat worked overtime. He said that the hacker invested so much time and resources into creating the code to make an event.
The Cybereason representative also believed that EventBot started from scratch. With how he sees it, there is no code reuse from previous malware or clear cases of copy-paste.
How to protect Android devices from EventBot
The security firm assured the public that the EventBot did not manage to enter the android app store yet. However, safety precautions need to be taken such as avoiding avoid untrusted apps from third-party sites and stores.
Experts still have no idea who is behind EventBot. One thing Cybereason assured the said threat progressed a lot since its March detection and continues to seek itself for higher privileges.
Image courtesy of TheDigitalWay/Pixabay