This sophisticated new Android trojan threatens hundreds of financial apps
Malicious new Android malware is under active development
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Researchers have discovered a sophisticated new Android trojan that bypasses security measures and scrapes data from financial applications.
First identified in March, the EventBot banking trojan abuses Android’s accessibility features to harvest financial data and intercept SMS messages, allowing the malware to circumventtwo-factor authentication.
According to Cybereason, the firm responsible for the discovery, EventBot targets over 200 financial applications, spanning banking, money transfer and cryptocurrency wallet services.
Affected applications include those operated by major players such as HSBC, Barclays, Revolut, Paypal and TransferWise - but many more are thought to be at risk.
Android banking trojan
Despite its relative infancy, EventBot is said to exhibit a high level of sophistication and is also under active development, with developers publishing more advanced iterations every few days. The malware appears to have been built from the ground up, with “code that differs significantly from previous Android malware,” according to security analysts at Cybereason.
EventBot does not currently feature on theGoogle Play Store, suggesting its operators are distributing the malware via illegitimate application stores and rogue websites. The trojan has been seen to masquerade as popular applications such asMicrosoftWord andAdobeFlash Player.
Beyond stealing financial data, the trojan can also access system information, personal data, passwords and keystrokes - all of which can be used to hijack transactions and other online accounts.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Cybereason believes EventBot could be the next influential mobile malware because of the time the developer has already invested into creating the code…the level of sophistication is really high,” said Assaf Dahan, Head of Threat Research at Cybereason.
“By accessing and stealing this data, Eventbot has the potential to access key business data, including financial information. Mobile malware is no laughing matter and is a significant risk for organisations and consumers alike,” he added.
To minimise exposure to the new EventBot trojan, Android users are advised to download the latest software updates from legitimate sources, ensureGoogle PlayProtect remains active at all times and exercise critical thinking when setting application permissions.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
Scammers are using fake copyright infringement claims to hack businesses
HPE reveals critical security bug affecting networking access points
From Dishonored to Mafia: Definitive Edition, some of my favorite games are free right now for Amazon Prime members
