Security News > 2020 > May > Android trojan EventBot abuses accessibility services to clear out bank accounts – fortunately, it's 'in preview'
Researchers have analysed a new strain of Android malware that does not yet exist in the wild.
EventBot asks the user for permission to use accessibility services, a powerful feature since these services require extensive permissions in order to work, including acting as a keylogger, for example, and running in the background.
EventBot also requires Android permissions including reading internal storage, reading and sending SMS messages, launching automatically after system boot, showing windows on top of other apps, and requesting to install additional packages.
Would EventBot have any chance of getting past Google's malware checks?
Despite the existence of EventBot and other mobile malware, is it not true that mobile devices are still more secure than desktop PCs, which are more open and allow users more freedom in installing apps from anywhere? "The attack surface is broader with desktop," Dahan told us, "But the world is shifting fast towards mobile. Banking trojans were really big on desktop, today they have to have a mobile component. Today most banks have two-factor authentication with a code either generated or sent to the mobile phone. Threat actors have to adapt and switch to mobile."
News URL
Related news
- New Android Trojan "BlankBot" Targets Turkish Users' Financial Data (source)
- Chameleon Android Banking Trojan Targets Users Through Fake CRM App (source)
- Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (source)
- TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (source)
- New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities (source)