A new mobile trojan has been discovered that is capable of abusing Android’s accessibility features in order to steal user data from banking applications and read users’ SMS messages, allowing the malware to bypass two-factor authentication.
Named EventBot, the trojan was discovered by a group of cyber security experts from Cybereason Nocturnus, who found it targeting financial and banking applications in the United States and Europe, including the UK.
Over 200 different financial applications have been susceptible to EventBot’s attacks, including banking apps, money transfer services, and cryptocurrency wallets operated by organisations such as HSBC, Santander, Barclays, Revolut, UniCredit, Capital One UK, PayPal Business, and TransferWise.
Daniel Frank, Lior Rochberger, Yaron Rimmer, and Assaf Dahan of Cybereason Nocturnus all contributed to the research into the trojan, details of which have been published on the cyber security group’s blog.
“EventBot is particularly interesting because it is in such early stages,” they wrote. “This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”
What’s particularly concerning is that this trojan is also capable of reading a user’s SMS messages, and therefore any security codes sent to a device as part of a two-factor authentication setup.
“60% of devices containing or accessing enterprise data are mobile. Giving an attacker access to a mobile device can have severe business consequences, especially if the end user is using their mobile device to discuss sensitive business topics or access enterprise financial information. This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”
Last week, it was reported that threat groups are increasingly relying on trojanized apps posing as legitimate versions in order to spread surveillance-ware.