• Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
NetFest
No Result
View All Result

New Android Malware Steals Banking Passwords, Private Data, and Keystrokes

Nimesh Dama by Nimesh Dama
20 May, 2020
Home News
Share on FacebookShare on Twitter

A new form of mobile banking malware has been discovered that exploits the accessibility features of Android to exfiltrate confidential data from financial apps, read consumer SMS messages and hijack two-factor authentication codes based on SMS.


Named “EventBot” by Cybereason analysts, the malware will target more than 200 specific financial applications, including banking, money transfer services, and crypto-currency wallets such as Paypal Corporation, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.

SCA 080 Blog V01
Credit : thehackernews

“EventBot is particularly interesting because it is in such early stages,” the researchers said. “This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”

The program, first reported in March 2020, hides its sinister intent by posing as legitimate applications (e.g., Adobe Flash, Microsoft Word) on rogue APK stores and other questionable websites, which need comprehensive system permissions when enabled.


The rights provide links to security settings, being able to read from external files, sending and receiving SMS messages, working in the background and loading itself after device booting.

If a user grants access, EventBot operates as a keylogger and can “retrieve notifications about other installed applications and open window content,” in addition to taking advantage of Android’s accessibility services to capture lockscreen PIN and transmit all the data collected to an attacker-controlled server in encrypted format.


The ability to parse SMS messages also makes the banking trojan a useful tool for bypassing SMS-based two-factor authentication, thus giving the opponents easy access to the cryptocurrency wallets of a victim and stealing funds from bank accounts.

This isn’t the first time financial institutions have been attacked by smartphone malware. Last month, IBM X-Force researchers outlined a new TrickBot program, dubbed TrickMo, which was discovered specifically targeting malware users in Germany who misused accessibility apps to steal a one-time password (OTP), mobile TAN (mTAN), and pushTAN authentication codes.

“Giving an intruder access to a mobile device may have serious business implications, particularly if the end-user uses their mobile device to address important business issues or access financial details for businesses,” concluded Cybereason researchers. “This can lead to brand degradation, loss of reputation or loss of consumer confidence.”

EventBot’s family of malicious apps may not be active on the Google Play Store, but it’s yet another reminder of why users should stick to official app stores and avoid sideloading apps from untrusted sources. Google Play Protect will also go a long way to shielding users against ransomware by holding the apps up-to-date and turning them on.

Tags: MalwareSteals BankingTrickBotTrickMo
Nimesh Dama

Nimesh Dama

Founder and Editor-in-Chief of 'NetFest News,' Nimesh is a cybersecurity analyst, Gadgets review, Tech News, Information Security professional, developer, and a white hat hacker

Next Post
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

Leave a Reply Cancel reply

Recommended

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

20 May, 2020
PUBG Mobile India Download 1.2 Beta APK Download Released For Android Users

PUBG Mobile India Download 1.2 Beta APK Download Released For Android Users

14 December, 2020

Trending

New Android Malware Steals Banking Passwords, Private Data, and Keystrokes

New Android Malware Steals Banking Passwords, Private Data, and Keystrokes

20 May, 2020
Apple Downplays Threat Posed by Newly Disclosed Zero-Days in iOS

Apple Downplays Threat Posed by Newly Disclosed Zero-Days in iOS

20 May, 2020
[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

30 June, 2020
PUBG Mobile India vs PUBG Mobile India after the ban: What are the big changes in the current version?

PUBG Mobile India vs PUBG Mobile India after the ban: What are the big changes in the current version?

14 November, 2020
MAD MIRAMAR MAD AHEAD OF 7 MAY LAUNCH PUBG TEASER VIDEO REVEALS PUBG MAD LAUNCH

WALTER BLACK ESP V3 Download SEASON 13 PUBG 0.18.0

1 June, 2020
NetFest

We bring you the best Premium Tech News,Review & Penetration Testing News, magazine, personal blog, etc. Check our landing page for details.

Categories

  • Apple
  • Applications
  • Camera
  • Computers
  • Gaming
  • Gear
  • Laptop
  • Microsoft
  • News
  • Review
  • Security
  • Smartphone

Recent News

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Trending
  • Comments
  • Latest
Apple Downplays Threat Posed by Newly Disclosed Zero-Days in iOS

Apple Downplays Threat Posed by Newly Disclosed Zero-Days in iOS

20 May, 2020
PUBG Mobile India vs PUBG Mobile India after the ban: What are the big changes in the current version?

PUBG Mobile India vs PUBG Mobile India after the ban: What are the big changes in the current version?

14 November, 2020
For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

No Result
View All Result
  • Home
  • News
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Laptop
    • Camera
    • Smartphone
  • Microsoft
  • Smartphone

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

Go to mobile version