Cybereason, a security research company, has discovered a new type of Android Trojan that targets applications related to banking and money transfers. The malware, called EventBot, is capable of collecting sensitive data and even intercepting 2FA SMS messages. EventBot has targeted dozens of cryptocurrency apps and wallets for Android, including Binance, marker-dao.com, CoinMarketCap, Mycelium Wallet, CoinGecko, CEX.IO, Blockfolio, BitPay, and many others.
The new EventBot is designed for banking and financial applications on Android
According to a report by Cybereason, a security research company, the malware was first detected back in March and differs significantly from previously known malware, since most of the detected code is written from scratch.
EventBot is still under active development, and new versions are released every few days with new improvements and features. In an email provided by CryptoSlate, Cybereason explained that the malware is masquerading as a legitimate app, although it is not currently available in the Google Play Store.
Once installed by unsuspecting users, EventBot goes on to use Android features to gain access to valuable user information, system information, and data stored in other apps. The malware can even intercept SMS messages sent to users' phones as part of two-factor authentication (2FA).
“The Cybereason Nocturnus team concluded that EventBot can work with almost 300 different banking and financial applications, most of which are applications for European banks and cryptocurrencies.”
Large crypto companies vulnerable to EventBot attacks
As part of its investigation, Cybereason tried to identify the people behind EventBot, but found that the malware is still under development and, as such, has most likely not yet been used for major attacks.
In the Appendix to the security report, Cybereason listed all the companies affected by the malware.
The list includes 296 different banking and financial apps, including PayPal Business, Revolut, Barclays, UniCredit, Lloyd’s, HSBC UK, Santander UK, Transferwise, etc. In addition to Android apps for some of the world’s largest banks, the list also includes a host of crypto companies.
Some of the industry's biggest players, such as marker-dao.com, have been attacked by the malware. The Cybereason report also lists the cryptocurrency exchanges CEX.IO, Changelly, Poloniex, WazirX, Bitstamp, and Bitpanda as vulnerable to EventBot attacks.
The company advised users not to download mobile apps from unofficial or unauthorized sources and to use solutions to protect mobile devices if they believe that an app may be infected with malware.