An apparently brand new malware, called EventBot, has the capacity to steal passwords and intercept two-factor codes for more than 200 banking and cryptocurrency apps, including PayPal, CapitalOne and HSBC, according to a TechCrunch report. The malware affects Android devices, disguising itself as a legitimate app before worming itself deep into a device’s operating system.
The malware can be installed by either an unsuspecting user or a malicious actor with access to a victim’s phone. “The level of sophistication and capabilities is really high,” Assaf Dahan, head of threat research at Cybereason, which discovered the malware, told TechCrunch. “The developer behind Eventbot has invested a lot of time and resources into creating the code.”
Discovered in March, the malware has the ability to update itself and has improved the encryption it uses to communicate with hackers’ servers. Users worried about EventBot should avoid untrusted apps from third-party sites and stories, according to the report.
Regulators and government security and law enforcement agencies have warned of dramatic increases in many types of phishig, malware, and ransomware attacks since the start of pandemic crisis.
