Recently, computer security experts discovered a new piece of malware.
It is called EventBot, and it appears to be quite sophisticated.
It was spotted on Thursday, April 30, by a Cybereason security team. It is malware that attacks Android smartphones. According to the specialists' descriptions, it is a threat to financial information for both ordinary consumers and businesses. It combines Trojan horse, information stealer and spyware functionality. In other words, the cybercriminal who uses this software can not only steal financial information but also spy on victims.
Experts estimate that this program targets up to 200 financial and cryptocurrency applications for Android. Besides PayPal, they include Barclays, Coinbase, CapitalOne UK, Revolut and TransferWise. The specific targets of this malware are usually U.S. or European banking and financial services. In the experts' opinion, the program may still be in development. This can be seen in version numbers such as 0.0.0.1 or 0.3.0.1, as well as in some identifiers in the source code whose names contain "Test".
It should also be noted that this malware abuses the accessibility features of Android smartphones in order to compromise them. Once downloaded (which of course can only be done through an unofficial store), the app passes for a legitimate application by requesting, as any app would, the permissions it needs to work. If the user is not paying enough attention, they will be caught out. The permissions requested generally include access to certain accessibility features, as well as the ability:
– to open network sockets
– to operate in the background
– to read external storage
– to take control of the installation of the packages.
If the attacker's target inadvertently accepts the application's permissions, EventBot can "function as a keylogger and can retrieve notifications on other installed apps and open window content," the researchers explain. And that's not all. The app can then automatically download, and even update, a configuration file containing the list of targeted financial applications.
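A defender-side triage check for the permission combination listed above, as an added example that is not from the article or from Cybereason: it scans a decoded `AndroidManifest.xml` for those traits. The mapping from the article's descriptions to Android permission constants and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: the article names behaviours, not permission constants.
TRAITS = {
    "network sockets": {"android.permission.INTERNET"},
    "background operation": {
        "android.permission.RECEIVE_BOOT_COMPLETED",
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    },
    "external storage read": {"android.permission.READ_EXTERNAL_STORAGE"},
    "package installation": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(xml_text):
    """Return the sorted traits from the article found in a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {
        el.get(ANDROID_NS + "name")
        for el in root.iter()
        if el.tag in ("uses-permission", "uses-permission-sdk-23")
    }
    found = [trait for trait, names in TRAITS.items() if names & requested]
    # Accessibility services are declared on <service>, not via <uses-permission>.
    if any(s.get(ANDROID_NS + "permission") == ACCESSIBILITY
           for s in root.iter("service")):
        found.append("accessibility service")
    return sorted(found)

def is_suspicious(xml_text):
    """Flag an app that shows an accessibility service plus every other trait."""
    return len(audit_manifest(xml_text)) == len(TRAITS) + 1

# Constructed sample manifest, not taken from any real application.
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""
if __name__ == "__main__":
    print(audit_manifest(SAMPLE), is_suspicious(SAMPLE))
```

A match is a reason to review the app, not a verdict: legitimate apps can request the same permissions individually.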
At the moment, the financial institutions whose applications are targeted are generally in Italy, France, the United Kingdom and Germany. The malware also downloads command URLs. The data the malware transmits is usually encoded and encrypted using Base64, RC4 and Curve25519. Cybereason researchers noted: "All the latest versions of EventBot also contain a ChaCha20 library that can improve performance compared to other algorithms like RC4 and AES, but it's not currently in use, which means that authors are actively working to optimize EventBot over time."
The danger of this program lies in the fact that it can not only collect system information from an infected device, but also collect the SMS messages of the smartphone on which it is installed, which of course can allow attackers to easily bypass two-factor authentication, "to perform web injections", to capture the PIN codes of Samsung screens, and to carry out surveillance. These are EventBot's features related to accessibility abuse. With the increase in attacks on smartphones in recent times, Cybereason researchers believe that this malware may pose real problems in the future, especially in a context where "iterative improvements are constantly being made, abusing a critical operating system feature and targeting financial applications."
So far, the researchers have not detected a wave of activity involving this malware. This can be explained by the fact that it is still in development. But some suspicions remain. Android users will therefore need to be more vigilant in the future.