Cashless and paperless transactions.
That is just how others do it nowadays. Many use Google Pay, Apple Pay, and other cashless payment services for their day-to-day transactions.
And others even have mobile banking apps installed on their smartphones. This way, they can have convenient and fast transactions – all in just a few clicks.
Security researchers are sounding the alarm over a newly discovered Android malware.
Apparently, this malware steals users’ banking credentials and cryptocurrency wallets while bypassing two-factor authentication.
New Android malware that steals banking passwords has been discovered
It seems like users have no escape.
Whether you handle banking transactions by physically going to the bank or virtually through your phone, there will always be someone or something trying to steal from you.
The malware poses as a legitimate Android app, such as Adobe Flash or Microsoft Word for Android, and abuses Android’s built-in accessibility features to gain deep access to the phone’s operating system.
The malware is installed either by an unsuspecting user or by a malicious person who has access to a victim’s smartphone.
Once installed, the EventBot-infected fake app silently steals passwords for more than 200 banking and cryptocurrency apps.
These include PayPal, Coinbase, CapitalOne, and HSBC.
And the most alarming thing is that the malware bypasses two-factor authentication codes.
How dangerous is this Android malware?
Once the malware has gotten hold of the user’s password and two-factor code, the hackers can break into the victim’s bank accounts, apps and wallets, and steal the unsuspecting victim’s funds.
According to Assaf Dahan, head of threat research at Cybereason, “the developer behind Eventbot has invested a lot of time and resources into creating the code, and the level of sophistication and capabilities is really high.”
As technology has become increasingly intelligent, so has the malware. It quietly records every tap and keypress, and can read notifications from other apps.
It is like getting a peek into what’s happening inside the victim’s smartphone.
The researchers said that EventBot malware remains a work in progress. Since its discovery in March, the researchers have seen the malware updated iteratively every few days to include new malicious features.
In fact, at one point the malware’s creators improved the encryption scheme it uses to communicate with the hackers’ server.
At another, they added a new feature that can grab a user’s device lock code. This will likely let the malware grant itself privileges on the victim’s device, such as payments and system settings.
Be extra vigilant with your smartphones…
The malware is believed to be brand new. The researchers have no idea who is behind the campaign.
“Thus far, we haven’t observed clear cases of copy-paste or code reuse from other malware and it seems to have been written from scratch,” said Dahan.
Generally, Android malware is not new. Every now and then there are reports about such malware, and according to some experts it will continue to rise this year.
Since many mobile users have their banking apps, social media, and other personal information stored on their phones, smartphones have been a particular target among hackers.
As a result, Google has improved Android security in recent years: first by screening apps in the Play Store, and second by proactively blocking third-party apps.
Still, many malicious apps have managed to evade Google’s detection.
Cybereason has not yet seen EventBot on Android’s Google Play Store. The good news – this limits the malware’s exposure to potential victims for now.
To prevent this, researchers said users should avoid untrusted apps from third-party sites and stores. Many of these sites don’t screen apps for malware, so they are much more prone to hacking.
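
The two conditions the article describes, an app installed from outside the Play Store that also holds accessibility access, can be checked on a device you manage. The sketch below is an added example, not code from Cybereason or the article: it parses the text printed by `adb shell pm list packages -i`, `adb shell pm list packages -s` and `adb shell settings get secure enabled_accessibility_services`, and lists accessibility services owned by apps that are neither preinstalled nor installed by Google Play. The package names and sample output are constructed, and treating only Google Play as a trusted installer is an assumption.

```python
# Added example: flag enabled accessibility services owned by sideloaded apps.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_packages(pm_output):
    """Map package -> installer from `pm list packages -i` (or `-s`) output."""
    packages = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field.split("=", 1)[1] or None
        packages[fields[0][len("package:"):]] = installer
    return packages

def parse_services(setting_value):
    """Split the colon-separated 'package/service' list of enabled services."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def audit(pm_output, setting_value, system_output=""):
    """Return (package, service, installer) for services not from a trusted source."""
    installers = parse_packages(pm_output)
    system = set(parse_packages(system_output))  # preinstalled packages are skipped
    findings = []
    for package, service in parse_services(setting_value):
        installer = installers.get(package)  # None: sideloaded or unknown package
        if package not in system and installer not in TRUSTED_INSTALLERS:
            findings.append((package, service, installer))
    return findings

# Constructed sample data (hypothetical package names, not from the article).
SAMPLE_PM = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.vendorassist
"""
SAMPLE_SYSTEM = "package:com.example.vendorassist\n"
SAMPLE_ENABLED = ("com.example.screenreader/.ReaderService:"
                  "com.example.flashupdate/.UpdaterService:"
                  "com.example.vendorassist/.AssistService")

if __name__ == "__main__":
    for package, service, installer in audit(SAMPLE_PM, SAMPLE_ENABLED, SAMPLE_SYSTEM):
        print(f"review: {package}/{service} installer={installer}")
```

A finding is a prompt to review the app, not proof of infection; some legitimate apps installed from other sources also use accessibility services.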