New Escobar virus shakes Android

Cybersecurity researchers have discovered a new variant of banking malware on Android. Posing as McAfee antivirus, Escobar is able to steal Google Authenticator one-time codes.

A new Android banking trojan has been spotted in cybercriminal circles. Called Escobar, it is a variant of Aberebot, which was discovered last summer. It has been updated with new features, including the ability to bypass Google Authenticator two-factor authentication.

The malware was detected by MalwareHunterTeam on March 3, in an application posing as McAfee antivirus. It has been analyzed by specialists at Cyble. This new version can steal the one-time codes in Google Authenticator, and its author can take remote control of the device through a VNC module.

An app that steals bank credentials

In addition, it uses the usual banking-malware techniques, starting with the theft of credentials and passwords by overlaying a fake login page on top of banking apps. The malware also steals data such as contacts, SMS messages, call history and location, can record calls, and can even take pictures, send texts or make calls, all directed by a control server.

Cyble discovered a post by the developer on a forum dedicated to cybercriminals. The developer is offering to rent a beta version of the malware for 3,000 dollars, and announces that the price will increase to 5,000 dollars for the final version. The distribution of the Trojan horse will therefore take different forms, depending on the teams that rent it. As usual, the best way to avoid infection is to install apps only from the Google Play Store.
