Security News > 2020 > May > New Android Malware Steals Banking Passwords, Private Data and Keystrokes
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.
"This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications."
Last month, IBM X-Force researchers detailed a new TrickBot campaign, called TrickMo, that was found exclusively targeting German users with malware that misused accessibility features to intercept one-time passwords, mobile TAN, and pushTAN authentication codes.
Keeping the software up-to-date and turning on Google Play Protect can also go a long way towards protecting devices from malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/EHR4BHQMwNo/android-banking-keylogger.html
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Cyber crooks push Android malware via letter (source)