Author

Topic: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born (Read 266 times)

hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Even though that I am not familiar with so many apps that it's in the list but still people should be more careful what apps to used even if it's not crypto related. We may not know that an app is not crypto related but it is gathering information that is crypto related and may have been the cause of losing your crypto funds. Thank you for sharing this info and the best choice is to never use the apps that are in the list and do more research about an app before installing it in your mobile device.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Can we blame them exposing this so called new banking trojan and providing solutions?

There is always doubt that a solution can be created first, and then they start creating something that will sell the product that solves the problem. This is difficult to prove, but when one looks at the contexts of the article, it is clear that one first goes with the creation of fear, then some technicalities, and finally presents a solution.

We can't blame anyone for presenting something, one way or another - but we can wonder if we should buy separate software for every new malware that someone discovers? I personally do not do this, I trust proven security solutions for now. For any significant amount of crypto I use through my smartphone only smart solution is hardware wallet which should be immune to these kinds of attacks.

Banking is something else entirely, and there really is a problem for anyone who is not aware of what they are installing on their smartphone. It would be ideal to have a business/banking device, and one for fun/entertainment.
hero member
Activity: 1344
Merit: 540
This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it.

But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile :

Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk.

It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.


Possible, but I see one article from another services offering the same business solutions, ThreatFabric. Writing comprehensive about RAT (Remote Access Trojan). And in conclusion, they are offering their services in the end as well. Can we blame them exposing this so called new banking trojan and providing solutions?

https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
legendary
Activity: 1134
Merit: 1598
~
It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.
Reminds me of Zoom hiring former Facebook security head to solve the privacy & security flaws after.. they were caught silently sending users' data to Facebook. Cheesy Sounds more like a "hey, you've worked with Facebook for a while.. come teach us how to camouflage the information transfer so people won't notice anymore!" call than one to "fix flaws".

Funny and sad at the same time, especially as probably more than half of the entire world population has used Zoom now at least once for courses and meetings online..
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it.

But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile :

Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk.

It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.
legendary
Activity: 1134
Merit: 1598
And what makes it more scary is that the threat actor are adding features every time they released a new version in the wild. Although it is still in the development stage and not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised in this is a state sponsored cyber groups, like North Korea's Lazarus, just my speculation.
What is even scarier is that any app update could turn a widely-used app into an immense malware that, while people use the app trustfully, scraps all the data needed from your other installed apps to steal funds from your wallets or other critical and sensitive information.

Convenience always has to come with a risk, but apparently they're like all linked to data collecting - one does direct damage (EventBot) while others (Facebook) do indirectly ..

FOSS for the win! Cheesy
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Edit:  I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them?

No, those list are list of application targeted by EventBot. So if EventBot is on your android device, data from those application will be stolen by EventBot.
hero member
Activity: 2660
Merit: 551
According to this stats, https://gs.statcounter.com/os-market-share/mobile/worldwide, there are almost 71% users of are using Android around the world. And just imagine if 10% of that having banking and crypto wallet on their mobile phone, this will be disastrous if the bad actors decided to released it. Coinbase is included in the list, and we all know that it is one of the biggest exchanges today.

@libert19 - obviously when you have one of the applications installed, chances are you are going to be infected by it. So uninstalling it might help, but if your information has been compromised, then it will be ineffective.
hero member
Activity: 2520
Merit: 952
I'll add few more tips:

1) never root your android device, it's double edged sword. If you use your phone for financial tasks, stay far away from it.

2) Be mindful of permissions app requires. In most cases, accessibility, installing app packages, administrator are unnecessary.

3) use NetGuard, it basically stops apps from using your data unless you give allow.

Edit:  I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them?
member
Activity: 175
Merit: 14
thx for this man, ill be sure to watch out for this app Smiley
legendary
Activity: 3080
Merit: 1353
And what makes it more scary is that the threat actor are adding features every time they released a new version in the wild. Although it is still in the development stage and not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised in this is a state sponsored cyber groups, like North Korea's Lazarus, just my speculation.
hero member
Activity: 1344
Merit: 540
Warning to everyone, there is a new Android bot, known as Eventbot, a very dangerous and malicious app that are still in development but it was recently discovered last March 2020.

What makes it very dangerous?

  • intercept SMS message
  • bypass 2FA
  • targeted over 200 banking and financial applications
  • crypto related (exchanges, wallets)

Applications targeted by EventBot:



Complete list: EventBot: Targeted Applications

I did try to filter out crypto related apps that may have affected. But there could be some that I missed:

Quote
com.pundix.xwallet
co.mona.android
com.wrx.wazirx
com.coingecko.coingeckoapp
com.tronwallet2
com.changelly.app
com.myetherwallet.mewconnect
doge.org.freewallet.app
io.bluewallet.bluewallet
com.ownrwallet.wallet
com.bitrue.currency.exchange
com.tabtrader.android
com.bitpie
btg.org.freewallet.app
com.coinmarketcap.android
co.bitx.android.wallet
com.cryptotab.android
com.cryptoviewer
com.swftcoin.client.android
im.token.app
lt.spectrofinance.spectrocoin.android.wallet
com.paxful.wallet
io.atomicwallet
com.liberty.jaxx
com.wirex
com.bitnovo.app
net.bitstamp.app
com.magnum.wallet
com.mansoon.cryptopop
com.wavesplatform.wallet
com.electroneum.mobile
com.altcoinfantasy.altcoinfantasy
com.coinninja.coinkeeper
com.supercrypto.cryptocyrrency
com.crypto.currency
com.conio.wallet
com.paytomat
com.quppy
com.enjin.mobile.wallet
com.xapo
io.eidoo.wallet.prodnet
com.crypter.cryptocyrrency
clientapp.swiftcom.org
crypto.aliens.bch
com.romerock.apps.utilities.cryptocurrencyc
ltcc.org.freewallet.app
com.nexowallet
com.bitpanda.bitpanda
com.moneybookers.skrillpayments.neteller
com.plutus.wallet
com.binance.dev
exodusmovement.exodus
eth.org.freewallet.app
com.wallet.crypto.trustapp
net.bitbay.bitcoin
quarecy.crypto
com.bitcoin.mwallet
io.totalcoin.wallet
com.coinomi.wallet
com.coinbase.android
com.mycelium.wallet
com.crypterium
mw.org.freewallet.app
org.toshi
com.dowallet
com.bitpay.wallet
com.polehin.android
com.blockfolio.blockfolio
com.chlegou.bitbot
btc.org.freewallet.app
piuk.blockchain.android
com.cryptonator.android

Recommendations:

  • Keep your mobile device up-to-date with the latest software updates from legitimate sources.
  • Keep Google Play Protect on.
  • Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
  • Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
  • When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
  • Use mobile threat detection solutions for enhanced security.

For the full view of the report, you can go to this link: https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
Jump to: