
This dangerous malware can steal 2FA codes to break into your accounts

Two-factor authentication (2FA) is one of the most robust security measures you can utilize. Essentially, it creates an added layer of protection where you must verify your identity a second way, along with your credentials.

If cybercriminals had a way to steal your 2FA codes, they could infiltrate your accounts. Unfortunately, that’s happening now with a dangerous malware variant making the rounds.

The malware is an updated version of Aberebot, an old banking trojan. Read on to find out what the sneaky malware can do and how to protect yourself from it.

Here’s the backstory

Security researchers at Cyble got wind of an app that bears a striking resemblance to the popular McAfee anti-virus application, but with one difference. While the questionable app had the same name and icon as the actual application, it had malware hidden inside.

The team realized that the development name for the app was com.escobar.pablo, and that it’s an updated version of the destructive Aberebot banking trojan. Hackers primarily use the malware to steal login details and have already targeted customers of more than 140 banks worldwide.

But according to Cyble, the additional features of the new Escobar variant are of most concern. Besides the usual attack methods, this updated version can intercept your data from Google Authenticator.

If you rely on the Authenticator app for 2FA codes, you could be at risk. If the login process is compromised, hackers can infiltrate your online accounts and hijack them.

What you can do about it

Escobar malware is embedded into the fake McAfee Android app, but it could evolve and wind up in more apps. In addition, researchers found an online post where hackers are reportedly selling the malware at $3,000 per month for the beta version.

One way to protect yourself from malware is to install Android apps from the official Google Play Store and avoid third-party stores. Here are more ways to stay safe:

  • Have trustworthy antivirus software on all your devices.
  • If your Android phone is capable, turn on Google Play Protect. It’s an added malware prevention tool from Google to keep your details safe. You can turn it on by opening the Settings app, tapping on Google, then Security, and finally Google Play Protect.
  • Read an app's reviews and ratings before installing it to see if other users have complained about it. If an app is caught hiding malware or causing problems, you might find a warning from others.
