New Android malware EventBot steals data from financial apps

Researchers have discovered a new form of Android malware that steals user data from financial applications. Security researchers at Cybereason discovered the new malware in March and named it ‘EventBot’.

EventBot is described as an information stealer and a trojan focused on mobile banking. The malware abuses Android’s accessibility services to steal user data from financial applications. EventBot also has access to the text messages of infected users. With this information, the malware can bypass two-factor authentication.

EventBot is distributed through malicious Android apps that pose as legitimate applications. When one of these apps is installed, EventBot requests access to Android’s accessibility services. Once those permissions are granted, the malware runs in the background and records every keystroke the unsuspecting user makes.

The malware targets users of more than 200 financial applications, such as banks and cryptocurrency wallets. Some examples of targets are PayPal, Paysafecard and Barclays. According to Cybereason, this brand new malware could become the next major mobile malware threat. “The malware is constantly being improved, exploits critical operating system functions and targets financial applications.” The research team has discovered four different versions of EventBot since the beginning of March, and each new version makes it more challenging to analyse the malware.

How do you protect your data from EventBot?

The simplest advice to avoid EventBot is to never download applications from unofficial or unauthorised sources. Cybereason recommends turning on Google Play Protect. Another critical step is to update all Android devices with the latest security software. For extra assurance, you can check the APK signature of an application in an online service such as VirusTotal. That way, you can be sure that the application you are about to download is the legitimate version and not a malicious copy.
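A defender-side audit for the accessibility abuse described above, as an added example that is not from Cybereason or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags apps that hold an enabled accessibility service but were not installed by Google Play. The sample output, the package names in it and the trusted-installer list are constructed assumptions.

```python
"""Flag apps with an enabled accessibility service that were sideloaded."""

# Installers treated as trusted; an assumption, adjust for your own fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store


def parse_accessibility(setting):
    """Package names from `settings get secure enabled_accessibility_services`.

    The value is a colon-separated list of package/ServiceClass components,
    or the literal string "null" when no service is enabled.
    """
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}


def parse_installers(listing):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = "null"  # sideloaded and preinstalled apps report null
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers


def suspicious(setting, listing):
    """Return sorted (package, installer) pairs that deserve manual review."""
    installers = parse_installers(listing)
    return [(pkg, installers.get(pkg, "unknown"))
            for pkg in sorted(parse_accessibility(setting))
            if installers.get(pkg, "unknown") not in TRUSTED_INSTALLERS]


# Constructed sample output; the package names are made up for illustration.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.flashupdate/.UpdateService\n")
SAMPLE_LISTING = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer in suspicious(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"review: {pkg} (installer={installer})")
```

A hit is a prompt for review rather than a verdict, because preinstalled system services can also report a null installer.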