EventBot - A New Malware on Android Focusing on Mobile Banking Apps


A new mobile banking malware has been detected that misuses features of the Android operating system to access important data from financial apps, read SMS messages, and hijack the device that is used for two-factor identity verification, where the code is sent by SMS. This malware is called EventBot. According to Cybereason researchers, it targets more than 200 financial apps, such as banking apps, money transfer services, and crypto wallet apps, for example PayPal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise and Coinbase.

The researchers describe EventBot as interesting because it is still at an early stage but has the potential to develop into more dangerous malware. Identified by Cybereason, it was first discovered in March 2020. It disguises itself as a legitimate app (such as Adobe Flash or Microsoft Word) but reveals its malicious intent once installed. It asks for various permissions on the device, including access to settings, reading from external storage, sending and receiving SMS, running in the background, and launching itself after system boot.


Once the user has granted these permissions, EventBot acts as a keylogger, a program that records what the user presses or types, and so captures both IDs and passwords. It can also retrieve notifications from the installed apps and the contents of open windows. In addition, it takes advantage of its access to the Android system to grab the lock screen unlock code, and it sends all collected data in encrypted form to a server controlled by the attacker.

It can also grab the codes sent by SMS to verify identity in apps such as banking apps and crypto payment apps, and can steal the money in those accounts. EventBot comes with apps from outside the store or from websites that offer APK downloads, so users who install apps from a secure store, such as the Google Play Store that comes with Android, should be at ease.


Avoid installing apps from untrusted sources and choose apps from the official stores, which should be safer for users. Update software regularly and keep Google Play Protect enabled.
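As an added example (not from the original article or from Cybereason), the following Python sketch triages a decoded AndroidManifest.xml, such as one produced by apktool, for the permission combination described above before an APK from outside an official store is installed. The mapping from the article's wording to Android permission names, the treatment of an accessibility service as the keylogging capability, the flagging threshold, and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the article's wording to Android permission names.
CATEGORIES = {
    "storage": {P + "READ_EXTERNAL_STORAGE"},
    "sms": {P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_SMS"},
    "background": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "boot": {P + "RECEIVE_BOOT_COMPLETED"},
}

def triage(manifest_xml):
    """Return (matched categories, flagged) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = {cat for cat, perms in CATEGORIES.items() if perms & requested}
    # An accessibility service is declared on <service>, not <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE":
            hits.add("accessibility")
    # Flag SMS access combined with an accessibility service and two more categories.
    flagged = {"sms", "accessibility"} <= hits and len(hits) >= 4
    return sorted(hits), flagged

def _manifest(perms, service_perm=None):
    """Build a constructed sample manifest (package name is made up)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    svc = f'<service android:name=".Svc" android:permission="{P}{service_perm}"/>' if service_perm else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application>{svc}</application></manifest>')

# Constructed samples: a fake "document viewer" and an ordinary SMS backup app.
SUSPECT = _manifest(["READ_EXTERNAL_STORAGE", "RECEIVE_SMS", "READ_SMS",
                     "RECEIVE_BOOT_COMPLETED", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
                    service_perm="BIND_ACCESSIBILITY_SERVICE")
BENIGN = _manifest(["READ_SMS", "READ_EXTERNAL_STORAGE", "INTERNET"])

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(xml))
```

A flag here is a reason to look closer, not a verdict: legitimate apps can request any one of these permissions, and it is the combination in an app that claims to be a document viewer or media player that stands out.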

