Android smartphone and tablet owners have been placed on high alert after researchers unearthed a terrifying new form of malware for the hugely popular Google-developed operating system, one built to target your savings. The latest malicious software, known as EventBot, is designed to steal crucial details from your banking apps, including the likes of PayPal, Barclays, CapitalOne UK, Coinbase, TransferWise, and Revolut.
The malware has been created in a bid to access details from both consumer and enterprise banking solutions – so small business owners desperately need to be on the look-out as well, not just those who have personal banking apps installed on their smartphones to check their balance on the move.
Researchers from Cybereason Nocturnus unearthed the new malware, which first surfaced last month so is still a relatively new threat for Android devices. According to the latest research, EventBot has been programmed to target more than 200 popular mobile finance and cryptocurrency services in Europe and the United States.
Most worrying of all, the crooks behind the malware seem to still be actively developing the code – with researchers spotting a number of different version numbers during their study. That means incremental improvements are likely being made to the malware – making it better at lifting your financial login details, or evading anti-virus solutions.
EventBot abuses the accessibility features built into Android to compromise your smartphone or tablet.
So, how does your device become infected? Well, researchers believe that most people impacted by the virus are likely to have picked it up while installing games and applications from rogue APK stores. These app repositories are designed to offer a similar selection to the Google Play Store, and users often find themselves stumbling across them when the app store preinstalled on their device is missing the software they need. This can be common for Amazon Fire tablet owners who can’t find the software they need, or those with the latest hardware from Huawei, which is prohibited from installing the Google Play Store or Google-built apps due to the ongoing US trade ban.
The EventBot malware will often be found masquerading as a legitimate Android app, researchers say, which allows it to trick users into accepting the required permissions.
The permissions requested include access to accessibility features, package installation controls, permission to open network sockets, read from external storage, as well as the option for the app to run in the background, and more.
Provided that you accept all of these requests, the EventBot malware can “operate as a keylogger and can retrieve notifications about other installed applications and content of open windows,” the researchers state. Once it has established which financial apps are installed on your device, it is able to download and update its configuration file to target the banking apps found on your smartphone.
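A defender's triage check for that permission combination, added here as an example and not taken from the Cybereason research: it reads an AndroidManifest.xml that has already been decoded to text XML (for example by apktool) and flags an app that pairs an accessibility service with most of the other categories. The mapping from the article's categories to Android permission strings, the threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the article's permission categories to Android
# permission names; the article itself does not list the exact strings.
CATEGORY_PERMISSIONS = {
    "package installation": "android.permission.REQUEST_INSTALL_PACKAGES",
    "network sockets": "android.permission.INTERNET",
    "external storage read": "android.permission.READ_EXTERNAL_STORAGE",
    "run in background": "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def risky_categories(manifest_xml: str) -> set:
    """Return the article's permission categories present in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = {cat for cat, perm in CATEGORY_PERMISSIONS.items() if perm in requested}
    # Accessibility is not a uses-permission entry: the app declares a <service>
    # guarded by BIND_ACCESSIBILITY_SERVICE, which the user is then asked to enable.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND:
            found.add("accessibility service")
    return found

def needs_review(manifest_xml: str, threshold: int = 4) -> bool:
    """Flag apps that combine accessibility with most of the other categories."""
    found = risky_categories(manifest_xml)
    return "accessibility service" in found and len(found) >= threshold

# Constructed sample: requests every category the article lists.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.suspicious">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: an accessibility tool that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Reader"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
```

A hit is a reason to look closer, not a verdict: legitimate accessibility tools request some of the same permissions, which is why the check requires the combination rather than any single entry.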
The majority of targeted financial apps are from the UK, as well as Italy, Germany, and France.
“All of the most recent versions of EventBot [also] contain a ChaCha20 library that can improve performance when compared to other algorithms like RC4 and AES, however, it is not currently being used,” the Cybereason Nocturnus team adds. “This implies that the authors are actively working to optimise EventBot over time.”
As well as stealing system data from your device, the malware can also nab details from SMS messages sent to your phone, which allows it to lift the one-time passcodes used for two-factor authentication – an important extra layer of security implemented by most banks and transfer applications.
Researchers also claim the malware can steal PINs on Samsung smartphone screens, as well as data saved on your device and data from applications used on the handset, thanks to the abuse of accessibility features.
Cybereason believes EventBot has the potential to become a serious threat in the coming weeks or months because “it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”
Cybereason says that EventBot highlights how mobile attacks are becoming more common, a problem that not only impacts smartphone owners who want to check their bank balance, but also businesses relying on the same technology to check company financial data – something that is becoming critical as more people work from home during the pandemic.