Security researchers are sounding the alarm over Android malware called EventBot. It was recently discovered by the security firm Cybereason and targets banking and cryptocurrency wallet applications.
How does EventBot work?
The malware is disguised as a legitimate Android application, such as Adobe Flash or Microsoft Word for Android. What does this supposedly legitimate application do? It misuses Android's built-in accessibility features to gain in-depth access to the mobile operating system.
Once installed, either by an unsuspecting user or by a bad actor with access to the victim's phone, the fake EventBot-infected application silently extracts passwords from over 200 banking and cryptocurrency applications. Like what? PayPal, Coinbase, CapitalOne and HSBC, as well as two-factor authentication codes and text messages.
With victims' passwords and two-factor codes, hackers can access bank accounts, applications, and wallets, and steal victims' funds.
"The developers behind EventBot have invested a lot of time and resources into creating the code, and its level of sophistication and capability is extremely high," said Assaf Dahan, head of threat research at Cybereason, to TechCrunch.
The malware silently records every keystroke. It can also read notifications from other installed applications. This gives the hacker a window into what is happening on the victim's phone.
Over time, the malware siphons passwords from banking and cryptocurrency applications to the hackers' servers.
The malware was discovered in March
The researchers say that EventBot still works. In the weeks since its discovery in March, they have found that the malware is updated every few days to incorporate new malicious features.
At one point, the malware's creators enhanced the encryption scheme it uses to communicate with the hackers. They also added a new feature that can obtain a user's phone lock code. This may allow the malware to gain greater privileges on the victim's phone. Like what? Access to payments and system settings.
While researchers don't know who is behind the campaign, their research shows that the malware is new.
"So far, we have not seen a clear case of inserting or reusing code from other malware and it seems to have been written from the beginning," Dahan said.
EventBot is on the rise
Android malware is nothing new, but it is growing. Hackers and malware operators are increasingly targeting mobile users. Why? Because many mobile phone owners keep their banking applications, social networks and other sensitive services on their phones.
Google has improved Android security in recent years by screening applications in its app store and proactively blocking third-party applications to reduce malware, with mixed results. Many malicious applications have evaded Google's detection.
Cybereason says it has not seen EventBot in the Android app store or seen it used in a malware campaign. This limits exposure to potential victims, for now.
But researchers say consumers should avoid untrusted applications from third-party websites and stores, many of which do not screen their applications for malware.
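A defender-side check for the pattern described above, as an added example that is not from Cybereason or the original article: it flags apps that hold accessibility or notification access but were not installed from Google Play. It parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -i`; the sample output, package names and the trusted-installer list are constructed assumptions.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed sample output (not captured from a real device or from EventBot).
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.flashupdate/com.example.flashupdate.HelperService"
)
SAMPLE_NOTIFICATION = "com.example.flashupdate/.NotifListener"
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.bank  installer=com.android.vending
"""

def parse_components(setting_value):
    """Turn a colon-separated list of package/class components into package names."""
    value = (setting_value or "").strip()
    if not value or value == "null":  # the setting reads "null" when nothing is enabled
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def parse_installers(pm_output):
    """Map package name -> installer (None if sideloaded or preinstalled)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(accessibility, notification, pm_output):
    """Return {package: [grants]} for apps with sensitive grants and no trusted installer."""
    installers = parse_installers(pm_output)
    grants = {"accessibility": parse_components(accessibility),
              "notification_listener": parse_components(notification)}
    findings = {}
    for capability, packages in grants.items():
        for pkg in packages:
            if installers.get(pkg) not in TRUSTED_INSTALLERS:
                findings.setdefault(pkg, []).append(capability)
    return {pkg: sorted(caps) for pkg, caps in findings.items()}

if __name__ == "__main__":
    for pkg, caps in audit(SAMPLE_ACCESSIBILITY, SAMPLE_NOTIFICATION, SAMPLE_PACKAGES).items():
        print(f"REVIEW {pkg}: not from a trusted store, holds {', '.join(caps)}")
```

Preinstalled system apps can also report `installer=null`, so each finding is a candidate for manual review, not a verdict.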