New Android Malware that steals bank and wallet credentials


Recently, after several weeks of research, security researchers from Cybereason raised the alarm about new malware that attacks Android mobile phones and targets banking applications and cryptocurrency wallets.

The malware, which Cybereason researchers discovered last month and named EventBot, poses as a legitimate Android application, such as MS Word for Android or Adobe Flash for Android, and then abuses built-in Android features to gain as many privileges as possible in the mobile operating system.

EventBot is a Trojan that steals users' bank credentials through legitimate mobile banking applications.

Once installed, EventBot requests access to Android's accessibility services, which it uses to steal user data from financial applications. Once the malware has access to this service, it can also act as a "keylogger". It can also read SMS messages, which lets it bypass two-factor verification (V2F).
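The combination described above (an accessibility service plus SMS access) can be checked before an app is installed. The following is an added example, not code from Cybereason or from the original article: it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the three sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
A11Y_SERVICE = ('<service android:name=".Helper" '
                'android:permission="%s"/>' % A11Y_BIND)

# Constructed sample manifests (hypothetical package names, no real apps).
SUSPICIOUS = f"""<manifest {NS} package="com.example.flashupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>{A11Y_SERVICE}</application>
</manifest>"""

A11Y_ONLY = f"""<manifest {NS} package="com.example.screenreader">
  <application>{A11Y_SERVICE}</application>
</manifest>"""

BENIGN = f"""<manifest {NS} package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Sync"/></application>
</manifest>"""


def audit_manifest(xml_text):
    """Report accessibility services and SMS permissions declared by an app."""
    root = ET.fromstring(xml_text)
    perms = set()
    # Permissions can be declared with either of these two elements.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms.update(p.get(ANDROID + "name") for p in root.iter(tag))
    # An accessibility service must be protected by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == A11Y_BIND]
    sms = sorted(perms & SMS_PERMS)
    if services and sms:
        risk = "high"      # screen/keystroke visibility plus SMS codes
    elif services:
        risk = "review"    # legitimate for assistive apps, still worth a look
    else:
        risk = "none"
    return {"package": root.get("package"), "accessibility_services": services,
            "sms_permissions": sms, "risk": risk}


if __name__ == "__main__":
    for manifest in (SUSPICIOUS, A11Y_ONLY, BENIGN):
        print(audit_manifest(manifest))
```

A "review" result is expected for genuine assistive apps such as screen readers, so the flag is a prompt to look closer rather than a verdict.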

Once an EventBot-infected application is installed, whether through carelessness or by a malicious person who has access to your mobile phone, the malware secretly steals the passwords of over 200 banking and cryptocurrency applications, including PayPal, HSBC, Revolut, Barclays, Unicredit, Santander, CapitalOne, Coinbase, TransferWise, paysafecard, etc. It can also eavesdrop on the SMS messages used for V2F. This Trojan attacks financial and banking applications on Android, especially in the US, the UK, and European countries such as Germany, Switzerland, France, Spain, and Italy.

If the attacker manages to steal the password and the V2F codes, they can practically access the victim's bank account and cryptocurrency wallets and steal all the funds inside them.

"EventBot is particularly interesting because it is in its earliest stages of development," writes Cybereason, adding that "this malware has the potential to become the most dangerous malware for mobile, as it is in development, taking advantage of a critical feature of the operating system, as well as financial applications."

So far, in just a few weeks, several versions have emerged, the latest of which is version 0.4.0.1. Each version adds new attack features, such as the use of dynamic libraries, encryption, and customization for different manufacturers and locations, which indicates its true harmful potential. In addition, newer versions support other languages; version 0.3.0.1, for example, includes Italian and Spanish.


The malware quietly records every tap on the device and every keystroke, and can read notifications from other mobile apps as well, giving hackers a clear picture of what is going on in the victim's device. In one version (0.3.0.1), the malware can even steal the screen lock code, so that it can unlock the device without the victim's knowledge and obtain the highest privileges there, such as for payments or system settings.

Cybereason researchers say EventBot has yet to be seen in the Google Play Store, which is the official Android app store.

On this occasion, the researchers advise users to avoid installing apps from unreliable sources, such as unofficial and unreliable stores and sites, most of which do not scan their applications for malware.

Although it is not yet known who is behind the development of the EventBot malware, and the malware has not appeared in any massive attack, it is important to follow its development from the beginning, given that this malware has been developed from scratch and does not reuse ready-made code from any previous malware.

An application that records every key you press

Version 0.0.0.1 targets 185 different applications, including the official applications of many of the world's banks, of which 26 are from Italy, 25 from the United Kingdom, 6 from Germany, 5 from France, and 3 from Spain. There are also applications from Switzerland, Austria, Poland, and other countries.

Be careful whenever you install any page or application or grant it any permission. It is highly recommended to check the history of that page or application before installing it or granting the permission!


ErickStounn