EventBot

The EventBot malware is a newly spotted threat that targets Android devices. This threat can be classified as a banking Trojan and can prove to be very threatening. According to reports, the peak of the activity of the EventBot banking Trojan was around March 2020.

Many authors of banking Trojans opt to go after users in less developed countries, instead of targeting their wealthier counterparts. However, this is not what occurs with the EventBot banking Trojan. This threat appears to target users located in the United States and Europe mainly. The EventBot Trojan is capable of imitating a variety of popular banking portals and services such as PayPal, Coinbase, TransferWise, Revolut, Paysafecard, CapitalOne UK, etc. It would appear that the authors of the EventBot banking Trojan are applying updates to their creation rather often. Malware researchers came to this conclusion after detecting various copies of the threat, which all had minor differences from one another.

One of the variants of the EventBot Trojan discovered recentl appears to be disguised as a genuine application that managed to bypass the security checks of various sites and platforms. In future campaigns, it is likely that the EventBot banking Trojan may be distributed via bogus APK files.

When the EventBot Trojan is installed on an Android device, it will request permission to use the accessibility features on the system. This is a trick used by many authors of Android malware. The EventBot threat is able to collect information regarding the device’s installed applications, contacts list, running applications, text messages, software and hardware. Not only does the EventBot Trojan have access to the victim’s text messages, but it also can use them to bypass the 2FA (Two-Factor Authentication) that is utilized by many banking portals and payment services. Next, the EventBot Trojan would monitor the activity of the users, and once it detects that they have launched a banking or payment platform, it will display a bogus overlay. The goal of the fake overlay is to obtain the login credentials of the victim. This may result in significant financial losses for the victim.

The EventBot banking Trojan is a top-tier Android malware, certainly, which can cause serious damages to its targets. The authors of this threat are updating it regularly, which comes to show that this project is still active and threatening. Do not forget to protect your Android device from malware with a legitimate anti-virus application compatible with your OS.