Skip navigation
The Daily Brief
tech Ali Kerem Yücel/iStock/Thinkstock

New Malware Silently Steals Banking Passwords

Called EventBot, a recently discovered malware can steal two-factor codes and passwords from users' devices.

An apparently brand new malware, called EventBot, has the capacity to steal passwords and intercept two-factor codes for more than 200 banking and cryptocurrency apps, including PayPal, CapitalOne and HSBC, according to a TechCrunch report. The malware affects Android devices, disguising itself as a legitimate app before worming itself deep into a device’s operating system.

The malware can be installed by either an unsuspecting user or a malicious actor with access to a victim’s phone. “The level of sophistication and capabilities is really high,” Assaf Dahan, head of threat research at Cybereason, which discovered the malware, told TechCrunch. “The developer behind Eventbot has invested a lot of time and resources into creating the code.”

Discovered in March, the malware has the ability to update itself and has improved the encryption it uses to communicate with hackers’ servers. Users worried about EventBot should avoid untrusted apps from third-party sites and stories, according to the report.

Regulators and government security and law enforcement agencies have warned of dramatic increases in many types of phishig, malware, and ransomware attacks since the start of pandemic crisis.

Want The Daily Brief delivered directly to your inbox? Sign up for WealthManagement.com's Morning Memo newsletter.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish