aberrebot Android Trojan is back with new name and features. According to BleepingComputer, banking Trojans or viruses can now steal google authenticator Multi-factor authentication code. Other new features/capabilities include controlling infected Android devices using VNC, recording audio and taking photos, as well as expanding the set of apps targeted for credential theft.
BleepingComputer claims that using KELA’s cyber-intelligence DARKBEAST platform, it found a forum post on a Russian-language hacking forum where Aberebot developer is promoting its new version named ‘Escobar Bot Android Banking Trojan’. The findings were reportedly later confirmed by researchers from MalwareHunter, McAfee and Cyble.
How Eberbot/Escobar Trojan Android can harm smartphone users
Like most banking Trojans, Escobar displays overlay login forms to hijack user interactions with online banking apps and websites. The main goal of the virus is to steal enough information to allow cybercriminals to take over victims’ bank accounts and conduct unauthorized financial transactions.
Cybercriminals have reportedly expanded the set of targeted banks and financial institutions to 190 entities from 18 countries in the latest version. The report does not share their names. The virus requests 25 permissions, 15 of which are misused for malicious purposes. Examples include accessibility, record audio, read SMS, read/write storage, get account list, disable keylock, make calls and access exact device location.
“Whatever the malware collects is uploaded to the C2 server, including SMS call logs, key logs, notifications and Google Authenticator code,” the report said. This is said to be sufficient to help criminals overcome two-factor authentication (2FA) defenses while taking control of online banking accounts. come or are stored and rotated in tools such as Google. As Authenticator it is considered secure by not being susceptible to SIM swap attacks. However, Google Authenticator codes are still not protected from malware infiltrating user space Huh.
How Android Users Can Stay Safe
In general, Android users can reduce the chances of their smartphone getting infected by following these important tips:
* Not installing APKs outside of Google Play Store
* Ensuring that Google Play Protect is enabled on their device
* When installing a new app from any source, pay attention to unusual permissions requests and monitor the app’s battery and network consumption statistics for the first few days to identify any suspicious activity.