Friday, November 27, 06:41

Android mobile malware mimics bank apps in US-Europe


A new form of Android mobile malware targets banks and financial services with the aim of stealing the financial data of customers and businesses.

The Cybereason Nocturnus research team said that EventBot appeared in March and combines a Trojan with an information stealer. The Android mobile malware can steal users' financial data while also spying on victims.

EventBot targets more than 200 mobile financial and cryptocurrency applications, including those offered by PayPal, Barclays, CapitalOne UK, Coinbase, TransferWise and Revolut. The targeted financial and banking services are mainly located in Europe and the USA.

EventBot abuses Android's accessibility features to compromise devices. The malicious software is disguised as a legitimate application and, once downloaded, requests a set of permissions.

The permissions requested include access to accessibility features, package installation controls, external storage reading, background execution, etc.

If a victim accepts, the Android mobile malware can "work as a keylogger and may retrieve notifications about other installed applications and content," say the researchers.
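
As an added illustration (not code from Cybereason or from the original article), the following Python sketch triages a decoded AndroidManifest.xml for the permission combination described above: an accessibility service declared alongside package installation, storage, background execution and SMS access. The mapping of the article's categories to Android permission names, the `min_categories` threshold and the sample manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's permission categories to Android
# permission names (the article does not give the exact strings).
RISKY = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "package installation",
    "android.permission.READ_EXTERNAL_STORAGE": "external storage reading",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "background execution",
    "android.permission.RECEIVE_BOOT_COMPLETED": "background execution",
    "android.permission.RECEIVE_SMS": "SMS access",
    "android.permission.READ_SMS": "SMS access",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml, min_categories=2):
    """Return a triage report for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # An accessibility service is declared as a <service> guarded by
    # BIND_ACCESSIBILITY_SERVICE; it is not requested via <uses-permission>.
    services = [
        s.get(ANDROID_NS + "name")
        for s in root.iter("service")
        if s.get(ANDROID_NS + "permission") == ACCESSIBILITY
    ]
    categories = sorted({RISKY[p] for p in requested if p in RISKY})
    return {
        "accessibility_services": services,
        "categories": categories,
        # Flag only the combination: accessibility plus several risky categories.
        "flagged": bool(services) and len(categories) >= min_categories,
    }


# Constructed sample manifest (not taken from any real application).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

The input is the text form of the manifest, so the binary XML inside an APK has to be decoded first. A flag here is a prompt for manual review, since legitimate accessibility tools can request some of the same permissions.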

At present, the majority of targeted institutions are located in Italy, the United Kingdom, Germany and France.


It also downloads command-and-control (C2) URLs. The information sent between EventBot and the C2s is encoded and encrypted using Base64, RC4 and Curve25519.

"All the latest versions of EventBot contain a ChaCha20 library that can improve performance compared to other algorithms such as RC4 and AES; however, it is not used at the moment," the group notes. "This means that the creators are working on optimizing EventBot."

The malicious software collects system data from the device and steals SMS messages (which is very useful for bypassing two-factor authentication). It can also perform web injections, steal Samsung screen PINs, and spy on and steal data not only from the user's device but also from applications, through abuse of accessibility features.

Cybereason believes that EventBot could be one of the most dangerous pieces of Android mobile malware in the future, as it "is constantly improving, abusing a critical operating system and targeting financial applications".

The malware is still under development, so it is not easy to link it to other software. However, the EventBot and C2 infrastructure revealed a possible connection to an Android information stealer that had previously been detected in attacks in Italy.

Cybereason says the Android mobile malware EventBot shows that mobile attacks are becoming more common, and that the problem may worsen now that most people use apps to do their jobs while confined at home because of the COVID-19 measures.

