The Cybereason Nocturnus team is investigating EventBot, a new type of Android mobile malware that emerged around March 2020. EventBot is a mobile banking trojan and infostealer that abuses Android’s accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.
This research gives a rare look into the process improvements malware authors make when optimizing before launch. By going on the offensive and hunting the attackers, our team was able to unearth the early stages of what may be a very dangerous mobile malware.
Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
We highly recommend every customer enable the following features: