30.04.2020

Eventbot, a new mobile banking Trojan

Cybereason Nocturnus team has identified a new type of Android mobile that targets users of over 200 different financial applications, including banking, money transfer services, and crypto-currency wallets. It specifically targets financial banking applications across the United States and Europe, including Italy, the UK, Spain, Switzerland, France, and Germany.

EventBot is a mobile banking trojan and infostealer that abuses Android’s accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.

Cybereason investigation team stresses that this new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.

The Nocturnus’ research offers an interesting peak into malware authors activities and processes when optimizing before actual launch. A complete review of the progression of the malware over time, list of apps targeted apps and security recommendations can be found on the Cybereason blog