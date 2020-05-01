An research team at Cybereason are investigating a new type of Android malware called EventBot, according to their blog. This malware disguises itself as a legitimate Android app, abusing Android’s in-built accessibility features to obtain deep access to the device’s operating system. Once installed, the EventBot-infected fake app siphons off passwords for more than 200 banking and cryptocurrency apps, such as PayPal and HSBC, and intercepts two-factor authentication text message codes.
EXPERTS COMMENTS
Jake Moore, Cybersecurity Specialist, ESET
May 01, 2020
Downloading unknown or low- reviewed apps on the Play Store is fraught with danger.
Downloading unknown or low- reviewed apps on the Play Store is fraught with danger. These apps can cause damage to a device or even steal credentials such as passwords and one time passcodes (OTPs). Although this should be avoided, another way to mitigate those OTPs being stolen would be to use an authenticator app instead of relying on text messages for two factor authentication (2FA). 2FA should be used wherever possible, and text message OTPs are still safer than only relying on a password to enter an account. However, the most secure way is to use a complex password, unique for every account, and utilize a free authenticator app such as Google Authenticator to protect your online accounts.
