Security News > 2020 > May > New Android Malware Steals Banking Passwords, Private Data and Keystrokes
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.
"This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications."
Last month, IBM X-Force researchers detailed a new TrickBot campaign, called TrickMo, that was found exclusively targeting German users with malware that misused accessibility features to intercept one-time passwords, mobile TAN, and pushTAN authentication codes.
Keeping the software up-to-date and turning on Google Play Protect can also go a long way towards protecting devices from malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/EHR4BHQMwNo/android-banking-keylogger.html
Related news
- SoumniBot malware exploits Android bugs to evade detection (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Finland warns of Android malware attacks breaching bank accounts (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Android malware Grandoreiro returns after police disruption (source)