Title: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: cryptomaniac_xxx on May 01, 2020, 01:29:39 AM Warning to everyone, there is a new Android bot, known as Eventbot, a very dangerous and malicious app that are still in development but it was recently discovered last March 2020.
What makes it very dangerous?
Applications targeted by EventBot: https://i.imgur.com/2K37hPu.png Complete list: EventBot: Targeted Applications (https://www.cybereason.com/hubfs/EventBot_%20Targeted%20Applications.pdf) I did try to filter out crypto related apps that may have affected. But there could be some that I missed: Quote com.pundix.xwallet co.mona.android com.wrx.wazirx com.coingecko.coingeckoapp com.tronwallet2 com.changelly.app com.myetherwallet.mewconnect doge.org.freewallet.app io.bluewallet.bluewallet com.ownrwallet.wallet com.bitrue.currency.exchange com.tabtrader.android com.bitpie btg.org.freewallet.app com.coinmarketcap.android co.bitx.android.wallet com.cryptotab.android com.cryptoviewer com.swftcoin.client.android im.token.app lt.spectrofinance.spectrocoin.android.wallet com.paxful.wallet io.atomicwallet com.liberty.jaxx com.wirex com.bitnovo.app net.bitstamp.app com.magnum.wallet com.mansoon.cryptopop com.wavesplatform.wallet com.electroneum.mobile com.altcoinfantasy.altcoinfantasy com.coinninja.coinkeeper com.supercrypto.cryptocyrrency com.crypto.currency com.conio.wallet com.paytomat com.quppy com.enjin.mobile.wallet com.xapo io.eidoo.wallet.prodnet com.crypter.cryptocyrrency clientapp.swiftcom.org crypto.aliens.bch com.romerock.apps.utilities.cryptocurrencyc ltcc.org.freewallet.app com.nexowallet com.bitpanda.bitpanda com.moneybookers.skrillpayments.neteller com.plutus.wallet com.binance.dev exodusmovement.exodus eth.org.freewallet.app com.wallet.crypto.trustapp net.bitbay.bitcoin quarecy.crypto com.bitcoin.mwallet io.totalcoin.wallet com.coinomi.wallet com.coinbase.android com.mycelium.wallet com.crypterium mw.org.freewallet.app org.toshi com.dowallet com.bitpay.wallet com.polehin.android com.blockfolio.blockfolio com.chlegou.bitbot btc.org.freewallet.app piuk.blockchain.android com.cryptonator.android Recommendations:
For the full view of the report, you can go to this link: https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born Title: Re: EventBot: A New Mobile Banking Trojan is Born Post by: Kemarit on May 01, 2020, 01:49:31 AM And what makes it more scary is that the threat actor are adding features every time they released a new version in the wild. Although it is still in the development stage and not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised in this is a state sponsored cyber groups, like North Korea's Lazarus, just my speculation.
Title: Re: EventBot: A New Mobile Banking Trojan is Born Post by: asianguy845 on May 01, 2020, 02:56:03 AM thx for this man, ill be sure to watch out for this app :)
Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: libert19 on May 01, 2020, 04:03:49 AM I'll add few more tips:
1) never root your android device, it's double edged sword. If you use your phone for financial tasks, stay far away from it. 2) Be mindful of permissions app requires. In most cases, accessibility, installing app packages, administrator are unnecessary. 3) use NetGuard, it basically stops apps from using your data unless you give allow. Edit: I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them? Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: btc_angela on May 01, 2020, 08:56:10 AM According to this stats, https://gs.statcounter.com/os-market-share/mobile/worldwide, there are almost 71% users of are using Android around the world. And just imagine if 10% of that having banking and crypto wallet on their mobile phone, this will be disastrous if the bad actors decided to released it. Coinbase is included in the list, and we all know that it is one of the biggest exchanges today.
@libert19 - obviously when you have one of the applications installed, chances are you are going to be infected by it. So uninstalling it might help, but if your information has been compromised, then it will be ineffective. Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: ABCbits on May 01, 2020, 09:07:54 AM Edit: I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them? No, those list are list of application targeted by EventBot. So if EventBot is on your android device, data from those application will be stolen by EventBot. Title: Re: EventBot: A New Mobile Banking Trojan is Born Post by: 20kevin20 on May 01, 2020, 12:16:29 PM And what makes it more scary is that the threat actor are adding features every time they released a new version in the wild. Although it is still in the development stage and not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised in this is a state sponsored cyber groups, like North Korea's Lazarus, just my speculation. What is even scarier is that any app update could turn a widely-used app into an immense malware that, while people use the app trustfully, scraps all the data needed from your other installed apps to steal funds from your wallets or other critical and sensitive information.Convenience always has to come with a risk, but apparently they're like all linked to data collecting - one does direct damage (EventBot) while others (Facebook) do indirectly .. FOSS for the win! :D Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: Lucius on May 01, 2020, 02:00:32 PM This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it.
But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile : Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk. It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product. Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: 20kevin20 on May 01, 2020, 02:29:31 PM ~ Reminds me of Zoom hiring former Facebook security head (https://www.forbes.com/sites/carlieporterfield/2020/04/08/zoom-brings-on-former-facebook-security-head-to-fix-privacy-problems/) to solve the privacy & security flaws after.. they were caught silently sending users' data to Facebook (https://www.imore.com/zoom-ios-sends-your-data-facebook-even-if-you-dont-have-facebook). :D Sounds more like a "hey, you've worked with Facebook for a while.. come teach us how to camouflage the information transfer so people won't notice anymore!" call than one to "fix flaws".It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product. Funny and sad at the same time, especially as probably more than half of the entire world population has used Zoom now at least once for courses and meetings online.. Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: cryptomaniac_xxx on May 02, 2020, 12:57:58 PM This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it. But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile : Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk. It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product. Possible, but I see one article from another services offering the same business solutions, ThreatFabric. Writing comprehensive about RAT (Remote Access Trojan). And in conclusion, they are offering their services in the end as well. Can we blame them exposing this so called new banking trojan and providing solutions? https://www.threatfabric.com/blogs/2020_year_of_the_rat.html Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: Lucius on May 02, 2020, 01:49:57 PM Can we blame them exposing this so called new banking trojan and providing solutions? There is always doubt that a solution can be created first, and then they start creating something that will sell the product that solves the problem. This is difficult to prove, but when one looks at the contexts of the article, it is clear that one first goes with the creation of fear, then some technicalities, and finally presents a solution. We can't blame anyone for presenting something, one way or another - but we can wonder if we should buy separate software for every new malware that someone discovers? I personally do not do this, I trust proven security solutions for now. For any significant amount of crypto I use through my smartphone only smart solution is hardware wallet which should be immune to these kinds of attacks. Banking is something else entirely, and there really is a problem for anyone who is not aware of what they are installing on their smartphone. It would be ideal to have a business/banking device, and one for fun/entertainment. Title: Re: EventBot: A New Mobile Banking and Cryptocurrency Trojan is Born Post by: nakamura12 on May 02, 2020, 05:57:26 PM Even though that I am not familiar with so many apps that it's in the list but still people should be more careful what apps to used even if it's not crypto related. We may not know that an app is not crypto related but it is gathering information that is crypto related and may have been the cause of losing your crypto funds. Thank you for sharing this info and the best choice is to never use the apps that are in the list and do more research about an app before installing it in your mobile device.
|