cryptomaniac_xxx (OP)
|
Warning to everyone, there is a new Android bot, known as EventBot, a very dangerous and malicious app that is still in development but was recently discovered last March 2020.
What makes it very dangerous?
- intercept SMS messages
- bypass 2FA
- targeted over 200 banking and financial applications
- crypto related (exchanges, wallets)
Applications targeted by EventBot:
Complete list: EventBot: Targeted Applications
I did try to filter out crypto related apps that may have been affected. But there could be some that I missed:
com.pundix.xwallet co.mona.android com.wrx.wazirx com.coingecko.coingeckoapp com.tronwallet2 com.changelly.app com.myetherwallet.mewconnect doge.org.freewallet.app io.bluewallet.bluewallet com.ownrwallet.wallet com.bitrue.currency.exchange com.tabtrader.android com.bitpie btg.org.freewallet.app com.coinmarketcap.android co.bitx.android.wallet com.cryptotab.android com.cryptoviewer com.swftcoin.client.android im.token.app lt.spectrofinance.spectrocoin.android.wallet com.paxful.wallet io.atomicwallet com.liberty.jaxx com.wirex com.bitnovo.app net.bitstamp.app com.magnum.wallet com.mansoon.cryptopop com.wavesplatform.wallet com.electroneum.mobile com.altcoinfantasy.altcoinfantasy com.coinninja.coinkeeper com.supercrypto.cryptocyrrency com.crypto.currency com.conio.wallet com.paytomat com.quppy com.enjin.mobile.wallet com.xapo io.eidoo.wallet.prodnet com.crypter.cryptocyrrency clientapp.swiftcom.org crypto.aliens.bch com.romerock.apps.utilities.cryptocurrencyc ltcc.org.freewallet.app com.nexowallet com.bitpanda.bitpanda com.moneybookers.skrillpayments.neteller com.plutus.wallet com.binance.dev exodusmovement.exodus eth.org.freewallet.app com.wallet.crypto.trustapp net.bitbay.bitcoin quarecy.crypto com.bitcoin.mwallet io.totalcoin.wallet com.coinomi.wallet com.coinbase.android com.mycelium.wallet com.crypterium mw.org.freewallet.app org.toshi com.dowallet com.bitpay.wallet com.polehin.android com.blockfolio.blockfolio com.chlegou.bitbot btc.org.freewallet.app piuk.blockchain.android com.cryptonator.android
Recommendations:
- Keep your mobile device up-to-date with the latest software updates from legitimate sources.
- Keep Google Play Protect on.
- Do not download mobile apps from unofficial or unauthorized sources. Most legitimate Android apps are available on the Google Play Store.
- Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
- When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
- Use mobile threat detection solutions for enhanced security.
For the full view of the report, you can go to this link: https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
|
|
|
|
Kemarit
Legendary
Offline
Activity: 3094
Merit: 1354
|
|
May 01, 2020, 01:49:31 AM |
|
And what makes it more scary is that the threat actors are adding features every time they release a new version in the wild. Although it is still in the development stage and has not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised if this is a state-sponsored cyber group, like North Korea's Lazarus, just my speculation.
|
|
|
|
asianguy845
Member
Offline
Activity: 175
Merit: 14
|
|
May 01, 2020, 02:56:03 AM |
|
Thx for this man, I'll be sure to watch out for this app.
|
|
|
|
libert19
|
|
May 01, 2020, 04:03:49 AM |
|
I'll add a few more tips:
1) Never root your Android device, it's a double-edged sword. If you use your phone for financial tasks, stay far away from it.
2) Be mindful of the permissions an app requires. In most cases, accessibility, installing app packages, administrator are unnecessary.
3) Use NetGuard, it basically stops apps from using your data unless you allow it.
Edit: I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them?
|
|
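An added example, not from any post in this thread or from the Cybereason report: a Python audit of an app inventory that applies the tips above, flagging apps that carry the permissions named in the thread (accessibility, installing packages, device administrator, SMS) and listing installed apps that are on the targeted list. The inventory format, the sample entries and the `com.example.*` packages are constructed for illustration; `TARGETED` is a short excerpt of the list in the first post.

```python
import json

# Excerpt of the targeted-application list from the first post.
TARGETED = {"com.coinbase.android", "com.binance.dev", "com.mycelium.wallet",
            "piuk.blockchain.android", "com.wallet.crypto.trustapp"}

# Android permission names for the capabilities the thread warns about.
# The labels and the review rule below are this example's assumptions.
RISKY = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installs packages",
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
}
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed inventory (hypothetical export format, one object per app);
# "permissions" holds names found in the app's manifest.
SAMPLE = json.dumps([
    {"package": "com.coinbase.android", "installer": PLAY_STORE,
     "permissions": ["android.permission.INTERNET", "android.permission.CAMERA"]},
    {"package": "com.example.flashplayer.update", "installer": None,
     "permissions": ["android.permission.BIND_ACCESSIBILITY_SERVICE",
                     "android.permission.REQUEST_INSTALL_PACKAGES",
                     "android.permission.RECEIVE_SMS",
                     "android.permission.READ_SMS"]},
    {"package": "com.example.smsbackup", "installer": PLAY_STORE,
     "permissions": ["android.permission.READ_SMS"]},
])

def audit(inventory_json):
    """Return (apps to review, installed apps that are on the targeted list)."""
    review, exposed = [], []
    for app in json.loads(inventory_json):
        pkg = app["package"]
        if pkg in TARGETED:
            exposed.append(pkg)  # targeted, not infected: its data is what a bot would go after
        reasons = sorted({RISKY[p] for p in app.get("permissions", []) if p in RISKY})
        sideloaded = app.get("installer") != PLAY_STORE
        # Review when a sideloaded app has any risky capability, or when several combine.
        if reasons and (sideloaded or len(reasons) >= 2):
            review.append({"package": pkg, "sideloaded": sideloaded, "reasons": reasons})
    return review, exposed

if __name__ == "__main__":
    flagged, exposed = audit(SAMPLE)
    for item in flagged:
        print("review:", item)
    print("targeted apps installed:", exposed)
```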
|
|
btc_angela
|
|
May 01, 2020, 08:56:10 AM |
|
According to these stats, https://gs.statcounter.com/os-market-share/mobile/worldwide, almost 71% of users around the world are using Android. And just imagine if 10% of them have banking and crypto wallets on their mobile phones, this will be disastrous if the bad actors decide to release it. Coinbase is included in the list, and we all know that it is one of the biggest exchanges today.
@libert19 - obviously when you have one of the applications installed, chances are you are going to be infected by it. So uninstalling it might help, but if your information has been compromised, then it will be ineffective.
|
|
|
|
ABCbits
Legendary
Offline
Activity: 2884
Merit: 7524
|
|
May 01, 2020, 09:07:54 AM |
|
Edit: I don't understand the list given, are those apps infected, should they be uninstalled if someone uses them?
No, that list is the list of applications targeted by EventBot. So if EventBot is on your Android device, data from those applications will be stolen by EventBot.
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1597
|
|
May 01, 2020, 12:16:29 PM |
|
And what makes it more scary is that the threat actors are adding features every time they release a new version in the wild. Although it is still in the development stage and has not been used for attack campaigns, it doesn't mean that they won't do it. Probably they are "perfecting" it before releasing it to the wild. And with this kind of sophistication, I wouldn't be surprised if this is a state-sponsored cyber group, like North Korea's Lazarus, just my speculation.
What is even scarier is that any app update could turn a widely-used app into an immense malware that, while people use the app trustfully, scrapes all the data needed from your other installed apps to steal funds from your wallets or other critical and sensitive information. Convenience always has to come with a risk, but apparently they're like all linked to data collecting - one does direct damage (EventBot) while others (Facebook) do indirectly.. FOSS for the win!
|
|
|
|
Lucius
Legendary
Offline
Activity: 3248
Merit: 5698
|
|
May 01, 2020, 02:00:32 PM |
|
This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it. But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile:
Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk.
It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.
|
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1597
|
|
May 01, 2020, 02:29:31 PM |
|
~ It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.
Reminds me of Zoom hiring former Facebook security head to solve the privacy & security flaws after.. they were caught silently sending users' data to Facebook. Sounds more like a "hey, you've worked with Facebook for a while.. come teach us how to camouflage the information transfer so people won't notice anymore!" call than one to "fix flaws". Funny and sad at the same time, especially as probably more than half of the entire world population has used Zoom now at least once for courses and meetings online..
|
|
|
|
cryptomaniac_xxx (OP)
|
|
May 02, 2020, 12:57:58 PM |
|
This looks like a very dangerous malware at first, each new version is even more dangerous than the previous one, and practically targets all possible financial applications. In other words, no one is safe and everyone is panicked for it. But if you read the article to the end, there is a way to protect yourself from this malware by buying Cybereason Mobile: Cybereason Mobile detects EventBot and immediately takes remediation actions to protect the end user. With Cybereason Mobile, analysts can address mobile threats in the same platform as traditional endpoint threats, all as part of one incident. Without mobile threat detection, this attack would not be detected, leaving end users and organizations at risk. It is not illogical to ask whether the threat actually originated from the same laboratory from which the solution originated? In any case, a good way to promote your product.
Possible, but I see one article from another service offering the same business solutions, ThreatFabric, writing comprehensively about RAT (Remote Access Trojan). And in conclusion, they are offering their services in the end as well. Can we blame them for exposing this so-called new banking trojan and providing solutions? https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
|
|
|
|
Lucius
Legendary
Offline
Activity: 3248
Merit: 5698
|
|
May 02, 2020, 01:49:57 PM |
|
Can we blame them for exposing this so-called new banking trojan and providing solutions?
There is always doubt that a solution can be created first, and then they start creating something that will sell the product that solves the problem. This is difficult to prove, but when one looks at the context of the article, it is clear that one first goes with the creation of fear, then some technicalities, and finally presents a solution. We can't blame anyone for presenting something, one way or another - but we can wonder if we should buy separate software for every new malware that someone discovers? I personally do not do this, I trust proven security solutions for now. For any significant amount of crypto I use through my smartphone, the only smart solution is a hardware wallet, which should be immune to these kinds of attacks. Banking is something else entirely, and there really is a problem for anyone who is not aware of what they are installing on their smartphone. It would be ideal to have a business/banking device, and one for fun/entertainment.
|
|
|
|
|
nakamura12
|
|
May 02, 2020, 05:57:26 PM |
|
Even though I am not familiar with many of the apps that are in the list, people should still be more careful about what apps to use even if they're not crypto related. We may not know that an app is not crypto related but it is gathering information that is crypto related and may have been the cause of losing your crypto funds. Thank you for sharing this info and the best choice is to never use the apps that are in the list and do more research about an app before installing it on your mobile device.
|
|
|
|
|