Nasty malware steals banking passwords and 2FA codes


Phone-exclusive malware might sound far-fetched, but as any Android user can tell you, it’s very real. Most people use their phones more than their computers nowadays, which makes them a perfect target for malicious apps that steal personal data and spy on their victims.

Most of the time, these malicious apps are found on sketchy off-brand app stores where anyone can upload and share their files. Others manage to sneak through the Google Play Store’s lackluster moderation until cybersecurity researchers point them out.

But now, a new kind of Android-focused malware is emerging that puts previous ones to shame. This highly specialized software is built to target banking apps and cryptocurrency wallets by stealing passwords and two-factor authentication codes. Here’s what we know about this new threat, and how it might be spreading in the future.

EventBot: A digital disaster in the making

Unlike a good deal of malware floating around on the web, EventBot has a highly professional sheen to it. According to the security researchers at Cybereason who discovered the malware, the developer appears to have spent a good deal of time and effort on it. Not only is the program unusually sophisticated, but its effects are also devastating to victims.

The malware can masquerade as a legitimate Android app like Microsoft Word or Adobe Flash, which it uses to get the permissions it needs to deeply infect your device. Once installed, it quietly records keystrokes and notifications while scanning for bank account apps to monitor.

Banking and cryptocurrency apps at risk from EventBot include some of the biggest names in the biz, such as PayPal Business, Revolut, Barclays, UniCredit, Capital One UK, HSBC UK, Santander UK, TransferWise, Coinbase, Paysafecard and many others.

Next, EventBot feeds anything it finds to remote servers for hackers to claim. And because it can read notifications and text messages, not even 2FA texts are immune to the malware. If someone were to attempt bank fraud using stolen account data, EventBot would be the perfect tool for the crime.

EventBot even includes highly complex encryption to protect its communications with its creator, which has proven to be an obstacle for security researchers. Even the folks at Cybereason don’t know exactly who is behind the program, but they urge extreme caution for Android users who download apps from third-party app stores.

How can I protect myself from this nightmare software?

As horrible a program as EventBot is, you don’t have much to worry about if you stick to Google Play for all your apps. Cybereason notes that the software has yet to appear in any major malware campaigns, and has not been detected in the Google Play Store.

Third-party app stores, on the other hand, are a huge vector for malware risk as it is. These stores are the most likely location for EventBot to appear, where it’s bound to disguise itself as a “free” download for an app that would otherwise cost money.

To stay safe, stick to apps you absolutely know and trust, and only download them from the Google Play Store. Google’s app repository may have issues of its own, but you can feel secure in the fact that mainstream software is unlikely to be hijacked or replaced with a malicious copycat.
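For readers comfortable with Android's developer tools, here is one way to check which apps on a phone did not come from Google Play. This is an added example, not code from the article or from Cybereason; it assumes the listing was captured with `adb shell pm list packages -i -3`, and the package names in the sample are constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Constructed sample of `adb shell pm list packages -i -3` output
# (third-party apps with their recorded installer); not from a real device.
SAMPLE_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.freeoffice  installer=null
package:com.example.wallet  installer=com.example.thirdpartystore
package:com.example.game  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_listing(text):
    """Return {package: installer or None} from the pm listing text."""
    apps = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or unexpected lines
        installer = match.group("installer")
        # pm prints the literal string "null" when no installer was recorded
        apps[match.group("pkg")] = None if installer == "null" else installer
    return apps


def sideloaded(apps, trusted=(PLAY_STORE,)):
    """Return sorted (package, source) pairs not installed by a trusted store."""
    flagged = []
    for pkg, installer in apps.items():
        if installer not in trusted:
            flagged.append((pkg, installer or "no recorded installer"))
    return sorted(flagged)


if __name__ == "__main__":
    for pkg, source in sideloaded(parse_listing(SAMPLE_OUTPUT)):
        print(f"review: {pkg} (installed by: {source})")
```

A flagged package is a prompt to check where the app came from, not proof that it is malicious.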

Mobile malware will only increase in sophistication as time goes on. If you prepare yourself and stick to what’s familiar, you can avoid ever running into programs like EventBot.

If you’re carefree and download whatever you please, however, you might be in for a nasty surprise the next time you fire up your banking app.
