All you need to know about EventBot



As the day passes by, Android is becoming more and more of a target for the hackers, and this statement is again proven by the newly found Trojan Called EventBot.

What is EventBot?

EventBot is a new banking trojan discovered by the researchers which has the ability to steal information from banking apps, read your messages, and even implant keystrokes.

How EventBot reaches your android device?

EventBot disguises itself as well recognised apps like MS Word, adobe flash player, etc, in some 3rd party app stores and some shady websites. The user downloads the app thinking it a legit app and the trojan reaches the device.

What does this Trojan actually do?

After getting installed in the device, the trojan starts asking several permissions like:
Read, receive and send SMS, Show window on top of another app, let the app use data in the background, let the app run in the background, and many more.
After all this EventBot ask the user to grant it Accessibility service. When an unsuspecting user grants this permission, EventBot gains the ability to act as a keylogger, access information about other apps installed on the device, scan window content, and many more.
Once it is granted all the permission, it starts collecting data. It uses its permission to run in the background to send data to a remote server which attackers control. As it has access to SMS messages, so it can bypass any 2FA set by the user.
Over 200 financial applications including mobile banking, money transfer services, and crypto-wallets are targeted by EventBot. It includes services like Paypal business, TransferWise, Coinbase, HSBC UK, CapitalOne UK, and many more.

It is currently targeting financial banking applications that are based in the United States and Europe.

What the researchers say about the EventBot Trojan?

The Cybereason Nocturnus team in a post written that EventBot is still in its early stages and has the potential to become a big threat. The trojan is getting constant iterative improvements and poses a threat to become the next big mobile malware.

What can you do to be on the safe side?

The Cybereason team suggests to only download apps and games from the Play Store, as the trojan is only present in 3rd party app stores.

To stay safe all time stick to Google's Play Store, as Google has a strict app policy. Also Google Play protect found in the Play Store scans apps to provide you an extra layer of security.



Thank you for visiting BloomShot.

Don't forget to share the page with your friends.