The banking trojan has returned, now with the ability to steal multi-factor authentication codes from Google Authenticator.

The Aberebot Android trojan has returned in a new avatar, complete with a new name and new features. Cybersecurity platform Cyble said last week that it had come across a tweet from researchers reporting malware “with a name and icon similar to the legitimate antivirus app McAfee”.


Cyble confirmed that the malicious app was Escobar, which it found to be a new variant of the Aberebot banking trojan. “In addition to stealing sensitive information such as login credentials using phishing overlays, Aberebot has also targeted customers of more than 140 banks and financial institutions in 18 countries,” Cyble said in a statement.

The platform added that, besides stealing data from Google Authenticator, Escobar can also take over the screen of an infected Android device using VNC, among other things. The variant was named Escobar by the threat actors (TAs), the person or persons who created the malware, and details of its features have been published on a cybercrime forum, the cybersecurity platform said.

The name and logo of the app are similar to those of McAfee, a popular antivirus product. According to Cyble, the malware asks users for 25 permissions, of which it abuses 15. The permissions requested by the Escobar trojan include SMS access, SMS interception, call log access, contacts access, access to information such as the phone number, device serial number, mobile network and outgoing call status, audio recording permission, access to GPS location, permission to send SMS through a third-party application, permission to make a phone call without the confirmation or knowledge of the user, and permission to disable the keylock and any associated password protection, among other things.
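A defender triaging a sideloaded app can check its manifest for this cluster of capabilities. The following is an added example, not code from Cyble or from the original article: the mapping from the capabilities named above to Android permission constants, the threshold of five, the package names and both sample manifests are assumptions constructed for illustration, and a real APK's manifest must first be decoded from binary XML to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: the article names capabilities in words only; this mapping to
# Android permission constants is the editor's, not Cyble's list.
RISKY = {
    P + "READ_SMS": "SMS access",
    P + "RECEIVE_SMS": "SMS interception",
    P + "SEND_SMS": "sending SMS",
    P + "READ_CALL_LOG": "call log access",
    P + "READ_CONTACTS": "contacts access",
    P + "READ_PHONE_STATE": "phone number, serial number, network info",
    P + "RECORD_AUDIO": "audio recording",
    P + "ACCESS_FINE_LOCATION": "GPS location",
    P + "CALL_PHONE": "calls without user confirmation",
    P + "DISABLE_KEYGUARD": "disabling the keylock",
}

def requested_permissions(manifest_xml):
    """Return (package, permission names) from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)}
    return root.get("package"), names - {None}

def triage(manifest_xml, threshold=5):
    """Flag an app whose manifest asks for many of the listed capabilities."""
    package, perms = requested_permissions(manifest_xml)
    hits = {p: RISKY[p] for p in sorted(perms) if p in RISKY}
    # Reading or receiving SMS is what exposes one-time codes sent by text.
    sms_read = bool(perms & {P + "READ_SMS", P + "RECEIVE_SMS"})
    return {"package": package, "hits": hits, "sms_read": sms_read,
            "flag": len(hits) >= threshold and sms_read}

def sample_manifest(package, perms):
    """Build a constructed manifest for the demo; not taken from any real app."""
    rows = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{rows}</manifest>')

SUSPECT = sample_manifest("com.example.fakeav", [
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS",
    "RECORD_AUDIO", "CALL_PHONE", "DISABLE_KEYGUARD", "INTERNET"])
BENIGN = sample_manifest("com.example.notes", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        r = triage(m)
        print(r["package"], "FLAG" if r["flag"] else "ok", sorted(r["hits"].values()))
```

A flag here is a prompt for closer review, not a verdict: legitimate dialer or messaging apps request several of these permissions too.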

Cyble also found that the malware takes pictures with the device’s camera, deletes files, and steals media files based on commands it receives from the command-and-control (C&C) server. It also steals victims’ phone numbers and email addresses.

The C&C server can also instruct the trojan to kill itself.

The platform said that, according to its investigation, the malware is being distributed through sources other than the Google Play Store, so users should practise good cyber hygiene.


This post, “Android banking trojan returns in new avatar: everything you need to know about Escobar”, was originally published at https://www.financialexpress.com/industry/technology/android-banking-trojan-returns-in-new-avatar-all-you-need-to-know-about-escobar/2463797/
