Eventbot, a new family of banking malware for Android


The initial cases have affected banks in the UK, Italy and Spain, although it is likely that banks from other European countries will soon be added to this list.

As is the norm in practically all trojan bankers for Android, Eventbot uses web injections to steal victims’ banking credentials. These are displayed to the user through the habitual overlays, which appear after the malware detects that the genuine banking application has been opened.

evenbot

Unlike the existing banking trojans for Android, Eventbot includes new methods of robbing banking credentials, and in addition to the use of webinjects, this ‘banker’ also siphons off data through the accessibility service it installs and which allows it to gather information on events that occur on the user interface.

This includes changes to text fields, key presses, etc. Thanks to these new functionalities, this trojan doesn’t need to use webinjects to steal data, rather it listens for events related to the username and password text fields of affected applications.

If you want to know in detail how this Trojan works, download the complete report.

evenbot-cover-es

Android Banker: Evenbot 

Since March, there have been signs of a new trojan in the sphere of banking malware for Android. The name given to this new family is ‘Eventbot’. This is mainly due to the fact that the word ‘event’ is used in the malicious app package identifier, probably because of its novel functionality of using accessibility events to steal credentials.

Most banking trojans use accessibility events to detect when an application is opened, before showing a webinject with a phishing form that siphons off the victim’s credentials.

 

Posted by David García

In his more than 9-year professional career, he has been involved in multiple projects, the most important being in the fields of managed security, anti-fraud and ethical hacking services, and malware analysis. He has contributed his know-how and security-related improvements to a wide variety of fraud and vulnerability analysis products. He currently oversees the smooth running of our different products and researches current fraud developments in order to showcase buguroo overseas as well as providing the development department with feedback on the latest malware and cybercriminal trends.

DID YOU LIKE IT? SHARE IN YOUR SOCIAL COMMUNITIES.

 
We recommend you to read...

What did you think about this topic?

Leave your comments

 

Need to reduce fraud in your online banking?

Discover our holistic vision applied to online detection

Request demo