Like any other form of malware, Android malware is evolving and becoming more versatile in the damage it does. The latest strain is strictly after financial data while also conducting spy operations. The threat’s name is EventBot.
EventBot Android Malware: What It Can Do
The EventBot Android malware is currently being investigated by the Cybereason Nocturnus researchers. According to their findings, the malware first appeared in March 2020.
How is EventBot classified? It is a mobile banking Trojan (Android trojan) and information stealer, capable of stealing user data from financial apps and of reading and stealing SMS messages. The SMS actions help the malware bypass two-factor authentication.
Who is targeted? More than 200 mobile financial and cryptocurrency apps are in danger, including apps by PayPal, Barclays, CapitalOne UK, Coinbase, Revolut, and TransferWise. It should be noted that financial and banking services in Europe and the United States are explicitly targeted. Institutions in Italy, the UK, Spain, Switzerland, France, and Germany should be alerted about the potential threat posed by this new Android malware.
EventBot Is Still Under Development
Apparently, the malware authors are still working on their malicious code. There are indicators of version numbers 0.0.0.1, 0.0.0.2, and 0.3.0.1. There are also IDs dubbed “test” in its codebase.
Despite being new and in active development, the malware shows great potential, even in these early stages. The researchers believe that it has the potential to become the next big mobile malware: EventBot is constantly being improved, it is capable of abusing a critical operating system feature, and it targets financial apps.
Why is EventBot potentially dangerous to businesses? By accessing and stealing valuable user information, system information, and data stored in other apps, the malware can access key business data, the researchers reveal.
60% of devices containing or accessing enterprise data are mobile, and mobile devices tend to include a significant amount of personal and business data, assuming the organization has a bring-your-own-device policy in place. Mobile malware is a significant risk for organizations and consumers alike, and must be considered when protecting personal and business data.
Is EventBot hiding in Google Play Store? Apparently, not yet. However, the researchers were able to find several icons the malware is using to masquerade as a legitimate application. “We believe that, when it is officially released, it will most likely be uploaded to rogue APK stores and other shady websites, while masquerading as real applications,” the team says.
How can users stay protected? There are several security recommendations that both individual and business users can follow to reduce the risk of an infection. Here they are:
- Keep your mobile device up-to-date with the latest software updates from legitimate sources.
- Keep Google Play Protect on.
- Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
- Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
- When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
- Use mobile threat detection solutions for enhanced security.
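The hash and signature check recommended in the list above can be scripted before an APK is ever installed. The following is an added example, not code from the article or from the Cybereason researchers: the function names and the in-memory sample APK are constructed for illustration, and the expected hash is assumed to be a hex SHA-256 published by the app's vendor.

```python
import hashlib
import hmac
import io
import zipfile

V1_SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR-style (v1) signature blocks

def sha256_of(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so large APKs are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def triage_apk(stream, expected_sha256=None):
    """Return pre-install facts about an APK without executing any of it."""
    report = {"sha256": sha256_of(stream)}
    # The hash is what you search for on VirusTotal (no upload needed).
    report["virustotal_url"] = "https://www.virustotal.com/gui/file/" + report["sha256"]
    # Only meaningful when the publisher lists a hash (assumption: hex SHA-256).
    report["hash_matches"] = (
        None if expected_sha256 is None
        else hmac.compare_digest(report["sha256"], expected_sha256.strip().lower())
    )
    stream.seek(0)
    try:
        with zipfile.ZipFile(stream) as apk:
            names = apk.namelist()
    except zipfile.BadZipFile:
        report.update(is_apk=False, v1_signature_files=[])
        return report
    report["is_apk"] = "AndroidManifest.xml" in names
    # Presence of these files is NOT verification, and v2+ signatures live in
    # the APK Signing Block instead; verify with `apksigner verify --print-certs`.
    report["v1_signature_files"] = sorted(
        n for n in names
        if n.startswith("META-INF/") and n.upper().endswith(V1_SIG_SUFFIXES)
    )
    return report

def build_sample_apk(signed):
    """Constructed stand-in for an APK (not a real app), built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed-manifest")
        z.writestr("classes.dex", b"constructed-dex")
        if signed:
            z.writestr("META-INF/CERT.RSA", b"constructed-signature-block")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(triage_apk(build_sample_apk(signed=True)))
```

A `hash_matches` value of `False`, or a signing certificate that differs from the vendor's known one, is reason enough not to install the file.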