The Next Wave of Mobile Banking Threats Is Already Here

The leap ahead

• EventBot abuses Android’s accessibility feature to access and steal valuable user information and system information. It can also intercept SMS messages and bypass two-factor authentication mechanisms. But that is not the only capability that makes it unique.
• It targets more than 200 different financial applications like PayPal, Coinbase, Barclays, Santander UK, HSBC UK, etc., that are commonly used in countries like the US, the UK, Spain, Italy, Switzerland, France, Germany, Ireland, India, Austria, Australia, and Poland.
• EventBot developers seem to be actively involved in its development, as there were four different versions identified, each version bringing in new functionalities and obfuscation techniques. This makes researchers believe that EventBot could become the next big mobile threat.

Regional mobile threats also looming around

• In April 2020, the Mandrake Spyware was observed targeting Mobile banking users in Australia, targeting Android-based applications from financial organizations like ANZ Australia, Commonwealth Bank of Australia, Bank of Melbourne Mobile Banking, Bank of SA, Australian Super, and PayPal.
• In March 2020, an Android banking Trojan dubbed Geost was found targeting Russian banks, with the victim count at over 800,000 users.
• In February 2020, the infamous Ginp Banker Trojan was observed targeting users in Spain. It was equipped with a highly unconventional function of inserting fake text messages into the Inbox of a regular SMS app, along with the capability to intercept and send SMS to bypass OTP based authentication.

Security guidelines and tips