Security News > 2020 > May > New 'EventBot' Android Malware Targets Nearly 300 Financial Apps
A newly discovered piece of Android malware is targeting the users of close to 300 financial applications across the United States and Europe, Cybereason Nocturnus security researchers warn.
Dubbed EventBot, the threat appears to be newly developed, as its code differs significantly from that of other Android malware out there.
A configuration file the malware fetches includes a list of targeted applications, including 185 banking apps, and 111 global financial applications such as Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, and paysafecard.
An investigation into EventBot revealed multiple samples uploaded to VirusTotal by the same user, and the researchers believe that the uploads were made either from the author's machine or from a detection service that in turn submits samples to online malware databases.
"With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers. EventBot appears to be a completely new malware in the early stages of development, giving us an interesting view into how attackers create and test their malware," Cybereason Nocturnus concludes.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)
- Germany blocks BadBox malware loaded on 30,000 Android devices (source)
- Android malware found on Amazon Appstore disguised as health app (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)