Researchers at Israeli security startup Cybereason discovered a new type of mobile malware EventBot which masquerades as a legitimate Android app.
EventBot abuses Android’s in-built features to steal users’ data from financial applications. It reads user banking SMS messages and steals SMS messages to allow the malware to bypass two-factor authentication.
Cybereason’s Nocturnus team has been investigating EventBot since its inception in March 2020. Once installed by an unsuspecting user The New Mobile Banking Trojan targeting users of more than 200 financial apps, including Paypal Business, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and many more. EventBot is targeting the users in countries across Europe and the United States.
“Cybereason believes EventBot could be the next influential mobile malware because of the time the developer has already invested into creating the code and the level of sophistication and capabilities is really high. By accessing and stealing this data, Eventbot has the potential to access key business data, including financial data. Mobile malware is no laughing matter and it is a significant risk for organizations and consumers alike,” said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason.
Organizations can protect themselves from the growing mobile threat by improving their security hygiene, launching a security awareness training program and these additional measures, including:
- Keep your mobile device up-to-date with the latest software updates from legitimate sources.
- Keep Google Play Protect on.
- Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
- Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
- When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
- Use mobile threat detection solutions for enhanced security.