CONTEXT:
Over the years, Hackers across the globe have been targeting financial apps. The vogue of web contamination continues. Recently, a new Android malware has been found which targets over 200+ financial apps. Researchers warn that “EventBot” Android malware could be the next big threat to Smart mobile phones. The alleged Android mobile application has been configured to steal payment data from users of popular financial apps like CapitalOne, Barclays, PayPal and more. The malicious Android malware was First identified in March 2020, the App is still in early development. But the investigator warns that the app is still in its development progress. Eventbot is rapidly emerging with new variants and is being released every few days.
What is EventBot?
Eventbot is a newly discovered next generation of Android malware, spyware and keylogger. It is configured to steal credentials and important information from the user’s device. It penetrates the system’s firewall and steals your internet usage data and sensorial information. Also, it sneaks on your device to observe your activity and steals sensitive information like bank specifications and passwords.
Consequences of this Android Malware?
Eventbot can cause some serious complications which may lead to compromise your system. Since it has been found malicious, google had removed it from its web store. As a result, it is currently not available on the Google Play app web stores, but investigators said the Android malware is nevertheless masquerading as authentic applications. Researchers believe that the application is likely being uploaded to rogue APK stores and third-party websites. The app coexists under the semblance of real applications, such as Adobe Flash or Microsoft Word apps.
Once the Android malware is installed on victims device, the malware asks for various permissions. Since the malware hides and exists under the pretence of being a legitimate app. The app asks for administrative permissions. These permissions grant administrative access to launch itself after a system reboot, run and use data in the background, read and receive text messages, access information about networks and more.
Also, EventBot provokes the victim to give it access to Android’s accessibility services, commanding overall services. Android accessibility services are mostly used to support person with disabilities using Android devices and apps. However, these are also often exploited by malware, to trigger the system.
Insight:
Meanwhile, Access to such permissions gives the malware the ability to administer as a keylogger and retrieve valuable notifications about numerous installed applications. It uses this feature to access relevant user data, system erudition and data stored in other applications. Also, EventBot can intercept SMS messages and skirt two-factor authentication mechanisms. While the execution of the Android malware, EventBot prompts to download a configuration file with the capability to exploit 200 different financial apps.
“This brand-new Android malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications,” said Daniel Frank, Lior Rochberger, Yaron Rimmer and Assaf Dahan with Cybereason
How Shall I prevent?
Prevention is the best solution to such problems. So below are some steps to mitigate the attack.
1. Keep Your Software Updated
Developers releases patches and update regularly. It is always advised to update the operating system, antivirus and virus database on your system. With updated tools, the software can distinguish and eliminate venerable Android malware. Therefore, it is advised to install reputed antivirus software and firewall.
2. Don’t Click on Popups
If a website prompts to launch a popup at you, don’t click on “I agree” without reading it thoroughly. Clicking on “ agree” or “OK” might install an Android malware on your system.
3. Use a Secure verified Browser
Security must be the priority. With a more secure browser, there are fewer uncertainties of installing malware in your system. Besides, Do not ever use any third party licensed software.
4. Don’t click on suspicious links in emails
Until and unless you’re not 100% sure of the integrity of the sender, don’t click on any suspicious email. Also, do not download any media files attached to such emails. However, Intruders may bind a payload with the files and gain access to your system.
5. Also, Avoid using pirated software
Numerous websites provide premium software at free of cost. This software is pirated software. These are Android malware from untrusted sources contain spyware or ransomware.
