IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

New Android banking trojan is able to bypass two-factor authentication

Customers using HSBC, Paypal, Barclays, Revolut, and Transferwise are all vulnerable to Eventbot, researchers claim

The outline of a skull displayed in computer code to represent malware

A new mobile-based trojan has been discovered that's capable of compromising Android’s accessibility features in order to steal user data from banking applications and read user’s SMS messages, allowing the malware to bypass two-factor authentication.

Named Eventbot, the trojan was discovered by a group of cyber security experts from Cybereason Nocturnus, who found it targeting financial banking applications in the United States and Europe, including the UK.

Over 200 different financial applications have been susceptible to the Eventbot’s attacks, including banking, money transfer services, and crypto-currency wallets operated by organisations such as HSBC, Santander, Barclays, Paypal Business, Revolut, UniCredit, CapitalOne UK, and TransferWise.

Daniel Frank, Lior Rochberger, Yaron Rimmer, and Assaf Dahan of Cybereason Nocturnus all contributed to the research into the trojan, details of which have been published on the cyber security group’s blog.

“EventBot is particularly interesting because it is in such early stages,” they wrote. “This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications.”

What's particularly concerning is that this trojan is also capable of reading a user's SMS messages, and therefore any security codes sent to a device as part of a two-factor authentication setup.

The cyber security experts advise Android users to take precautionary measures such as updating their mobile device to the latest software, which should originate from legitimate sources, keeping Google Play Protect on, and using mobile threat detection solutions for enhanced security.

Related Resource

Decade of the RATs - remote access trojans

Cross-platform APT espionage attacks targeting Linux, Windows and Android

Download now

The team from Cybereason Nocturnus also warned against downloading mobile apps from unofficial or unauthorized sources and recommended applying critical thinking when giving a certain app the permissions it requested.

In the blog post, they warned that “once this malware has successfully installed, it will collect personal data, passwords, keystrokes, banking information, and more”.

“60% of devices containing or accessing enterprise data are mobile. Giving an attacker access to a mobile device can have severe business consequences, especially if the end user is using their mobile device to discuss sensitive business topics or access enterprise financial information. This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”

Last week, it was reported that threat groups are increasingly relying on trojanised apps posing as legitimate versions in order to spread surveillanceware.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Microsoft finally adds Power BI integrations to PowerPoint and Outlook
business intelligence (BI)

Microsoft finally adds Power BI integrations to PowerPoint and Outlook

25 May 2022