EventBot Steals Banking Passwords And 2FA Codes – Experts Insight

The research team at Cybereason are investigating a new type of Android malware called EventBot, according to their blog. This malware disguises itself as a legitimate Android app, abusing Android’s in-built accessibility features to obtain deep access to the device’s operating system. Once installed, the EventBot-infected fake app siphons off passwords for more than 200 banking and cryptocurrency apps, such as PayPal and HSBC, and intercepts two-factor authentication text message codes.

Experts Comments

May 01, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
The Android malware attacks are increasing their level of sophistication to what we see on computer operating systems, like Windows or MacOS. Consumers want to make sure they're installing software from reputable sources, like the Google Play Store, and not from websites unless they completely trust them. Based on the current Android operating system configurations, it is advisable to install an anti-malware program to reduce the risk of malware installation. While it might not detect unknown malware, the known signatures can prevent any known attacks.
May 01, 2020
Jake Moore
Cybersecurity Specialist
ESET
Downloading unknown or low-reviewed apps on the Play Store is fraught with danger. These apps can cause damage to a device or even steal credentials such as passwords and one time passcodes (OTPs). Although this should be avoided, another way to mitigate those OTPs being stolen would be to use an authenticator app instead of relying on text messages for two factor authentication (2FA). 2FA should be used wherever possible, and text message OTPs are still safer than only relying on a password to enter an account. However, the most secure way is to use a complex password, unique for every account, and utilize a free authenticator app such as Google Authenticator to protect your online accounts.