Mobile banking threats have been recently making an impact, both at the regional as well as global levels. EventBot, the newly identified Android banking trojan, can be considered as a forward leap in the evolution of mobile banking trojans.
The leap ahead
EventBot abuses Android’s accessibility feature to access and steal valuable user information and system information. It can also intercept SMS messages and bypass two-factor authentication mechanisms. But that is not the only capability that makes it unique.
It targets more than 200 different financial applications like PayPal, Coinbase, Barclays, Santander UK, HSBC UK, etc., that are commonly used in countries like the US, the UK, Spain, Italy, Switzerland, France, Germany, Ireland, India, Austria, Australia, and Poland.
EventBot developers seem to be actively involved in its development, as there were four different versions identified, each version bringing in new functionalities and obfuscation techniques. This makes researchers believe that EventBot could become the next big mobile threat.
Regional mobile threats also looming around
Besides the global threats like EventBot, a large number of mobile threats have been recently observed, that are actively targeting financial institutions within a specific region.
In April 2020, the Mandrake Spyware was observed targeting Mobile banking users in Australia, targeting Android-based applications from financial organizations like ANZ Australia, Commonwealth Bank of Australia, Bank of Melbourne Mobile Banking, Bank of SA, Australian Super, and PayPal.
In March 2020, an Android banking Trojan dubbed Geost was found targeting Russian banks, with the victim count at over 800,000 users.
In February 2020, the infamous Ginp Banker Trojan was observed targeting users in Spain. It was equipped with a highly unconventional function of inserting fake text messages into the Inbox of a regular SMS app, along with the capability to intercept and send SMS to bypass OTP based authentication.
Security guidelines and tips
Avoid downloading apps unknown source, and download apps only from the official app stores like Google Play. Pay attention to permissions requested by apps, genuine apps shouldn’t be asking for access to SMS. Users should also use a genuine anti-malware solution for mobile, and also keep an eye on the changes in their devices, such as the decreased performance or battery life, which may indicate malicious behavior.