Researchers have discovered a sophisticated new Android trojan that bypasses security measures and scrapes data from financial applications.
First identified in March, the EventBot banking trojan abuses Android’s accessibility features to harvest financial data and intercept SMS messages, allowing the malware to circumvent two-factor authentication.
According to Cybereason, the firm responsible for the discovery, EventBot targets over 200 financial applications, spanning banking, money transfer and cryptocurrency wallet services.
Affected applications include those operated by major players such as HSBC, Barclays, Revolut, Paypal and TransferWise – but many more are thought to be at risk.
Android banking trojan
Despite its relative infancy, EventBot is said to exhibit a high level of sophistication and is also under active development, with developers publishing more advanced iterations every few days. The malware appears to have been built from the ground up, with “code that differs significantly from previous Android malware,” according to security analysts at Cybereason.
EventBot does not currently feature on the Google Play Store, suggesting its operators are distributing the malware via illegitimate application stores and rogue websites. The trojan has been seen to masquerade as popular applications such as Microsoft Word and Adobe Flash Player.
Beyond stealing financial data, the trojan can also access system information, personal data, passwords and keystrokes – all of which can be used to hijack transactions and other online accounts.
“Cybereason believes EventBot could be the next influential mobile malware because of the time the developer has already invested into creating the code…the level of sophistication is really high,” said Assaf Dahan, Head of Threat Research at Cybereason.
“By accessing and stealing this data, Eventbot has the potential to access key business data, including financial information. Mobile malware is no laughing matter and is a significant risk for organisations and consumers alike,” he added.
To minimise exposure to the new EventBot trojan, Android users are advised to download the latest software updates from legitimate sources, ensure Google Play Protect remains active at all times and exercise critical thinking when setting application permissions.