A new strain of malware is preying on billions of Android smartphones. The malware steals user information and specifically targets mobile banking apps.
Experts call this new Android malware EventBot. Security researchers from Cybereason Nocturnus reports that the malware started infecting devices around March 2020.
According to Cybereason, EventBot is a mobile banking Trojan and it is capable of abusing Android vulnerabilities. Once installed, the malware can steal user information and financial data.
Perhaps the most critical of its capabilities is its ability to read and steal SMS messages. This is a critical vulnerability since SMS messages are usually used for two-factor authentication.
Android malware targets banking apps
According to Cybereason, this particular type of Android malware targets banking apps. In fact, the cybersecurity firm added, more than 200 different financial, banking, cryptocurrency, and money transfer apps have been target.
Among the popular apps targeted by this new Android malware are Paypal Business, CapitalOne UK, Barclays, Santander UK, UniCredit, and Revoult. Cryptocurrent wallets like Coinbase, Crypterium, and TotalCoin are also on the malware’s list of targets.
Early investigations on the malware reveal that its main targets are those in the United States. However, EventBot infections are also reported in Italy, Germany, France, Switzerland, Spain, and the United Kingdom.
EventBot is a new kind of Android malware that steals passwords from banking and cryptocurrency apps and siphons off two-factor codes to steal funds.#MobileSecurity #AndroidSecurity #eventbot #CyberSec #Security #cyberthreats #hackers #cybercrime https://t.co/W1SbnfMqED pic.twitter.com/BURNmoA6hb
— ServNet (@ServnetUK) May 4, 2020
What is interesting about this new malware is that it is still in its infancy. In fact, cybersecurity investigators are positive that the malware has yet to reach the Google App Store. Many experts believe that EventBot has the potential to become the next major banking malware.
Preventive measures against malwares
Since there are no immediate defense against these malwares, it is important to keep devices updated in order to prevent the malware from spreading. Downloading mobile apps on secure and legitimate sources is also imperative in keeping the malware at bay.
Experts also advise against opening links or messages sent from unknown sources. This is a very common way of delivering phishing and smishing exploits.
Cybersecurity experts believe that this new strain of Android malware is still lurking on third-party distribution platforms. It is most likely masquerading itself as a legitimate app. Since its discovery, this new Android malware has mutated four times.
Using an anti-virus is also a good measure. However, since this is a new Android malware, most antivirus applications might not filter it out as a threat to a system. Preventive measures are always a great way to keep malwares from infecting devices.
Image courtesy of Nara.nra28/Wikimedia Commons