Android users, beware! A New Malware Named ‘Escobar’ Can Hijack Your Smartphones. How to Be Safe and What to Do?


Image Courtesy: Cyber Security News

The Aberebot Android Trojan has returned with a new title and set of features. The banking Trojan or virus, according to Bleeping Computer, may now steal Google Authenticator multi-factor authentication credentials. Other new features/capabilities include leveraging VNC to take control of infected Android phones, recording audio, and collecting images, as well as extending the list of credential theft-targeted applications. Using KELA’s cyber-intelligence DARK BEAST platform, Bleeping Computer claims to have discovered a forum post on a Russian-language hacker site where the Aberebot creator advertises its latest version as the ‘Escobar Bot Android Banking Trojan.’ According to reports, the discoveries were subsequently confirmed by Malware Hunter, McAfee, and Cybele experts.

How May the Aberebot/Escobar Virus Impact Android Users?

Like the majority of banking Trojans, Escobar displays overlay login forms to hijack user interactions with online banking applications and websites. The virus’s primary purpose is to collect enough information for hackers to access victims’ bank accounts and conduct unlawful financial activities.

In the most recent version, the cyber thieves allegedly increased the number of targeted banks and financial organizations to 190 entities from 18 countries. The report does not provide their names. The malware asks for a total of 25 permissions, 15 of which are utilized maliciously. Accessibility, audio recording, read SMS, read/write storage, acquiring account list, disabling key lock, making calls, and accessing exact device location are just a few examples.

Image Courtesy: Tom’s Guide

“Everything the malware captures, including SMS call records, key logs, alerts, and Google Authenticator codes, is transferred to the C2 server,” according to the research. Unfortunately, when it comes to gaining control of online banking accounts, this is enough to let thieves get past two-factor authentication (2FA). 2FA codes are usually sent through SMS or generated and rotated in tools such as Google Authenticator, which is deemed safer because it is not vulnerable to SIM swap attacks. Google Authenticator codes are, however, still susceptible to malware running in the user space of the same device.

How Can Android Users Keep Themselves Safe?

In general, Android users may reduce their risks of being infected by following these important guidelines:

* Not installing APKs from sources other than the Google Play Store

* Checking that Google Play Protect is turned on on their device

* Paying attention to unexpected permission requests when installing an app from any source, and watching the app’s battery and network usage during the first few days to spot any suspicious behavior
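As an added illustration of the last point (example code, not from the article or from any vendor named in it), the script below reads an Android app manifest and flags the permission classes the article says Escobar abuses: accessibility, audio recording, SMS access, storage, the account list, disabling the key lock, placing calls and precise location. The mapping from those classes to concrete manifest permission names is my own assumption, and the sample manifest is constructed for a fictitious flashlight app so the script runs offline.

```python
"""Flag high-risk permissions in an Android manifest.

Added example, not code from the article or any security vendor.
Risk categories follow the permissions the article lists as abused by
Escobar; mapping them to manifest names is an assumption made here.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Manifest permission name -> risk category named in the article.
HIGH_RISK = {
    ACCESSIBILITY: "accessibility",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.RECEIVE_SMS": "read SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "read storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write storage",
    "android.permission.GET_ACCOUNTS": "account list",
    "android.permission.DISABLE_KEYGUARD": "disable key lock",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.ACCESS_FINE_LOCATION": "exact location",
}

# Constructed sample: a "flashlight" app that asks for far more than a
# flashlight needs. Not a real application.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Flashlight">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""


def audit_manifest(manifest_xml: str) -> dict:
    """Return declared permissions and the subset matching HIGH_RISK."""
    root = ET.fromstring(manifest_xml)
    declared = [
        el.get(A_NAME) for el in root.iter("uses-permission") if el.get(A_NAME)
    ]
    flagged = {name: HIGH_RISK[name] for name in declared if name in HIGH_RISK}

    # An accessibility service is not requested via <uses-permission>; it is
    # a <service> guarded by BIND_ACCESSIBILITY_SERVICE, so check services too.
    for svc in root.iter("service"):
        if svc.get(A_PERMISSION) == ACCESSIBILITY:
            flagged[ACCESSIBILITY] = HIGH_RISK[ACCESSIBILITY]

    return {
        "package": root.get("package"),
        "declared": declared,
        "flagged": flagged,
        "high_risk_count": len(flagged),
    }


def format_report(result: dict) -> str:
    """Human-readable summary of an audit result."""
    lines = [f"Package: {result['package']}",
             f"Declared uses-permission entries: {len(result['declared'])}",
             f"High-risk items: {result['high_risk_count']}"]
    for name, category in sorted(result["flagged"].items()):
        lines.append(f"  {name}  [{category}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_manifest(SAMPLE_MANIFEST)))
```

Run against a real APK, the manifest would come from a decoding tool (the binary AndroidManifest.xml inside an APK must be decoded to text first); the point of the check is the mismatch between what the app claims to be and what it asks for, which is exactly the "unexpected permission request" the guideline tells users to watch for.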
