New EventBot Android Malware Is An InfoStealer, KeyLogger, Spyware, And More

Another Android-based malware has surfaced at a time when people are at home and increasingly dependent on their smartphones. Identified as EventBot, the new malware targets Android devices to carry out various malicious activities. It can not only steal data but also spy on victims.

EventBot Android Malware Emerges As The New Threat

Researchers from the Cybereason Nocturnus team have found a new malware threatening Android users. Dubbed EventBot, the malware emerged recently and carries extensive functionality that could surpass other Trojans.

EventBot is not a simple Android malware; rather, it acts as an infostealer, a keylogger, and spyware. Moreover, it serves as a mobile banking Trojan that exfiltrates financial data. It also intercepts SMS messages, which makes it capable of bypassing 2FA.

Briefly, the malware masquerades as a legitimate app, such as Adobe Flash Player, to reach target devices. Once installed, it abuses the Android Accessibility feature to access other apps, system information, and device data. It then operates as a keylogger and retrieves data from other apps.

It also seeks permission to continue running in the background, which an unsuspecting user would readily allow. The malware also requests permission to ignore battery optimization, read from external storage, display windows overlaying other apps, and prevent the processor from sleeping.
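
As an added example (not part of the original article or the researchers' report), the Python sketch below triages a decoded AndroidManifest.xml for the combination described above: an accessibility service plus the listed permission requests and SMS access. The permission constants are standard Android names mapped to the article's wording as an assumption; the threshold, function names, and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.android.com/apk/res/android"
ATTR = "{%s}" % NS

# Assumption: standard Android permission names mapped to the article's wording.
WATCHED = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "ignore battery optimization",
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay other apps",
    "android.permission.WAKE_LOCK": "keep processor awake",
    "android.permission.RECEIVE_SMS": "intercept SMS",
}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml, threshold=4):
    """Flag a decoded manifest that declares an accessibility service and
    matches at least `threshold` watched behaviours in total."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ATTR + "name") for e in root.iter("uses-permission")}
    hits = sorted(label for perm, label in WATCHED.items() if perm in requested)
    has_a11y = any(s.get(ATTR + "permission") == A11Y_BIND
                   for s in root.iter("service"))
    if has_a11y:
        hits.append("accessibility service")
    return {"package": root.get("package"), "hits": hits,
            "suspicious": has_a11y and len(hits) >= threshold}


def build_manifest(package, perms, a11y_service):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    svc = ('<service android:name=".Svc" android:permission="%s"/>' % A11Y_BIND
           if a11y_service else "")
    return ('<manifest xmlns:android="%s" package="%s">%s<application>%s'
            '</application></manifest>' % (NS, package, uses, svc))


# Constructed samples: a fake "player" requesting everything, and a music app.
SAMPLE_SUSPICIOUS = build_manifest("com.example.fakeplayer", list(WATCHED), True)
SAMPLE_BENIGN = build_manifest("com.example.music", [
    "android.permission.WAKE_LOCK",
    "android.permission.READ_EXTERNAL_STORAGE"], False)

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

The input is the text-form manifest, for example as decoded by apktool; the binary manifest inside an APK must be decoded first. A match is a prompt for closer review, since legitimate accessibility tools can request some of the same permissions.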

EventBot then gathers device data including a list of installed apps, device details such as model number and OS, network information, and other data. It then transmits all the exfiltrated data to the C&C server in encrypted form.

More details about this malware are available in the researchers’ report.

Constant Improvements Observed In Trojan

Aside from its extensive malicious capabilities, the security team has also noticed that the malware is undergoing constant improvement. In a short time, four different versions of EventBot have surfaced online: versions 0.0.0.1, 0.0.0.2, 0.3.0.1, and 0.4.0.1.

Every new version bears more advanced code obfuscation and encryption. For instance, the initial versions used Base64 encoding and RC4 encryption for data, whereas the later version also added a Curve25519 encryption layer.

Although this Android malware is still in its development phase, the researchers fear that, considering its potential, it will emerge as the next big threat for mobile users.
