Cybernews
© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Potentially significant banking malware found in the wild

by Chris Stokel-Walker
30 April 2020
in News
There’s no evidence yet it’s been used, but it could be dangerous

A potentially enormous exploit targeting online banking apps has been identified by a group of researchers.

The EventBot mobile banking trojan and infostealer could abuse Android’s accessibility features to steal data from more than 200 different banking apps around the world. It could also read and steal SMS messages, which could theoretically allow it to bypass two-factor authentication.

Discovered by the Cybereason Nocturnus team in March 2020, the EventBot trojan runs the risk of becoming “the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications,” the researchers say.

A cybersecurity nuclear weapon

Though there’s no evidence that the malware has yet been deployed, nor any evidence that anyone has fallen victim to the trojan, Cybereason Nocturnus’s team still felt the need to blow the whistle because of the risk that it posed to the digital banking sector. 

“If you knew that someone was developing a nuclear weapon, you would want to know about it, even if no one got hurt so far,” says Assaf Dahan, one of the team who identified the trojan targeting banking applications across the United States and Europe. “The developer behind EventBot has invested a lot of time and resources into creating the code, and the level of sophistication and capabilities is really high.”

Dahan and colleagues were persuaded to raise awareness when they looked at the “highly targeted list of 200 apps” that they claim is “a who’s who list in banking, money transfer and crypto.” Up to 60% of devices running Android are susceptible to the nascent malware, the researchers reckon.

Targeting Android users specifically

The team of researchers came across EventBot outside the Google Play Store – and are at pains to point out that it currently isn’t on the store. But what they have learned while tracking the malware’s development since March shows that it could be a major risk.

Icons, including those for Microsoft Word and Adobe Flash, have been found in the malware’s file structure, hinting that it could try to masquerade as legitimate apps when eventually released. The researchers tracking EventBot’s development believe that it will likely be uploaded to rogue APK stores or unofficial app websites and could spread from there. 

A raft of permissions

Based on the research, part of the way EventBot seems to work is by requesting a large number of permissions on any device it is installed on. It can run in the background, install packages and read text messages. When installed, it asks for the ability to harness a phone’s accessibility services. Once those are approved, the app can essentially act as a keylogger, siphoning off information in the background.

Digging into the target configuration file, the researchers discovered a long list of financial application targets the malware’s developers seem to be considering hitting. They include large names in the financial sector, including a number from Italy and the UK, as well as the US and elsewhere. 

The researchers have tracked the development of the malware over the course of the last two months and decided to go public to raise awareness proactively, rather than waiting for victims to surface once the trojan is out in the wild. Their advice to try and avoid falling victim to EventBot is relatively simple: don’t download apps from unofficial sources, apply critical thinking when granting phone permissions to apps, and always check the APK signature and hash on sites like VirusTotal before installing.
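To make the permission advice concrete, the following added example (not code from Cybereason or from this article) triages a decoded AndroidManifest.xml for the combination described above: an accessibility service alongside SMS access, package installation or background execution. The permission names are real Android identifiers; the sample manifests and the review rule are assumptions constructed for illustration, and a real APK's manifest must first be decoded to text, for example with apktool.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Real Android permission names, grouped by the capability the article describes.
CAPABILITIES = {
    "reads SMS": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "installs packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "runs in background": {"android.permission.RECEIVE_BOOT_COMPLETED",
                           "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}

def audit_manifest(manifest_xml):
    """Return (capabilities found, needs_review) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    found = [cap for cap, perms in CAPABILITIES.items() if requested & perms]
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = any(s.get(ANDROID + "permission") == BIND_A11Y for s in root.iter("service"))
    if a11y:
        found.append("accessibility service")
    # Assumed triage rule: accessibility plus SMS access or package installation.
    needs_review = a11y and bool({"reads SMS", "installs packages"} & set(found))
    return sorted(found), needs_review

def _manifest(permissions, with_a11y_service):
    """Build a constructed manifest for the demo; not taken from any real app."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                   for p in permissions)
    svc = (f'<service android:name=".Svc" android:permission="{BIND_A11Y}"/>'
           if with_a11y_service else "")
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{uses}'
            f'<application>{svc}</application></manifest>')

# Constructed samples: one with the full combination, one benign accessibility user.
SAMPLE_TROJAN_LIKE = _manifest(
    ["READ_SMS", "RECEIVE_SMS", "REQUEST_INSTALL_PACKAGES", "RECEIVE_BOOT_COMPLETED"], True)
SAMPLE_PASSWORD_MANAGER = _manifest(["RECEIVE_BOOT_COMPLETED", "INTERNET"], True)

if __name__ == "__main__":
    for name, xml in [("trojan-like", SAMPLE_TROJAN_LIKE),
                      ("password manager", SAMPLE_PASSWORD_MANAGER)]:
        print(name, audit_manifest(xml))
```

A hit from this rule is a prompt for manual review, not a verdict: legitimate accessibility tools exist, which is why the benign sample is not flagged.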
