Security research company Cybereason has discovered a new type of Android trojan that has been targeting banking and money transfer apps. The malware, called EventBot, is able to harvest sensitive data and even intercept 2FA SMS messages, the company told CryptoSlate.
Dozens of Android cryptocurrency applications and wallets have been targeted by EventBot, including Coinbase, CoinMarketCap, Mycelium Wallet, CoinGecko, CEX.IO, Blockfolio, BitPay, and many more. Refer to this document for the complete list.
New EventBot targets banking and financial apps on Android
The security of several dozen Android apps has been compromised as a new type of malware has been discovered. According to a report from the security research company Cybereason, the malware was first discovered back in March and is significantly different from previously known malware since most of the code discovered so far is written from scratch.
Named EventBot, the malware is under active development, with new versions featuring improvements and new capabilities being released every few days. In an email shared with CryptoSlate, Cybereason explained that the malware masquerades as a legitimate application even though it isn’t currently found on the Google Play Store.
Once installed by unsuspecting users, EventBot abuses Android’s accessibility feature to access valuable user information, system information, and data stored in other applications. The malware can even intercept SMS messages sent to users’ phones as part of two-factor authentication (2FA).
“The Cybereason Nocturnus team has concluded that EventBot is able to target almost 300 different banking and finance applications, the majority of which are European bank and crypto-currency exchange applications.”
Major crypto companies vulnerable to EventBot attacks
As part of its investigation, Cybereason attempted to identify the people or person behind EventBot but found that the malware was still in the development stage, and as such, most likely wasn’t used for large attacks.
And while it is believed that no funds were lost to this type of attack thus far, some of the biggest crypto companies, including wallets and exchanges, are still vulnerable to future EventBot attacks. In an appendix to the security report, Cybereason listed all of the companies targeted by the malware.
The list includes 296 different banking and financial applications, including PayPal Business, Revolut, Barclays, UniCredit, Lloyds, HSBC U.K., Santander U.K., TransferWise, etc. Aside from Android apps for some of the largest banks in the world, the list also includes a myriad of crypto companies.
Some of the industry’s biggest players, such as Coinbase, have been targeted by the malware. Cybereason’s report also listed cryptocurrency exchanges CEX.IO, Changelly, Poloniex, WazirX, Bitstamp, and Bitpanda as vulnerable to EventBot attacks. Coin tracking apps such as CoinGecko, CoinMarketCap, and Blockfolio have also been targeted, as were at least a dozen different mobile-based cryptocurrency wallets. Bitcoin.com wallet, Mycelium, Enjin, Electroneum, Atomic Wallet, Paxful, and MyEtherWallet are just some of the wallets believed to be targeted by the bot.
The company advised users not to download mobile apps from unofficial or unauthorized sources and to use mobile device protection solutions if they believe an app might be infected by malware.
Storing more crypto in your mobile wallets than you would in your physical wallet is not advisable. Prefer holding your cryptocurrencies safely in trusted hardware wallets.