Enterprises Mobile Banking Trojan

    Researchers at Cybereason, a cybersecurity firm based in Boston, MA, have exposed a novel banking trojan attacking Android mobile devices dubbed Eventbot. The Eventbot malware was developed with original code from the ground up and is significantly different from all previously known Android malware code. The originality of the malware and its rapid development process, releasing a new version every few days, suggests that the actors behind its development are highly sophisticated and determined to make Eventbot a capable piece of malware.

    Recent updates to the malware have included the ability to perform dynamic library loading, enhanced encryption schemes, and adjustments to different locales and device manufacturers. The Eventbot malware abuses Androids accessibility features to harvest sensitive information from the device such as keystrokes, PINs, and SMS messages.

    The Accessibility Services are typically used to help users with disabilities by giving them a meaningful way to interact with the device. Accessibility Services can process the information on the screen and present it to the end-user in formats that are more digestible but also, has the ability to write input into fields, auto-generate permissions on the device, perform screen gestures and more.

    The SMS message harvesting feature of the Trojan allows it to bypass two-factor authentication often employed by legitimate banking apps to verify the identity of mobile users by abusing the accessibility feature which can write input from the screen into a form field. The malware itself masquerades as a legitimate Android app, and once installed it is designed to siphon off credentials for over 200 banking and cryptocurrency sites. Banking apps such as PayPal, HSBC, Capital One are a few of the many apps at risk from Eventbot’s data harvesting and two-factor bypass features.

    Mobile malware targeting financial apps has become a significant risk to consumers and businesses alike and must be considered when mobile banking is the third most popular activity performed on mobile devices, right behind logging into social media apps and checking the weather. Furthermore, over 60% of devices accessing or containing enterprise data are now mobile devices, meaning if an attacker gains access to a mobile device, the consequences for business can be catastrophic. With the wealth of sensitive activities now being performed on mobile devices, most of which having little or no end-point protections installed beyond the basic app store verification, these attacks will only become more common.

    It is now estimated that over a third of all malware is designed to target mobile devices, this poses significant challenges for consumers, let alone organizations that allow bring-your own-devices.


Sources:

• https://www.finextra.com/pressarticle/82346/new-android-banking-trojan-affects-200-financial-apps

• https://techcrunch.com/2020/04/29/eventbot-android-malware-banking/