Android malware Escobar steals Google Authenticator MFA codes
Android banking trojan Aberebot has returned under the name "Escobar" with new features including stealing Google Authenticator multifactor authentication codes.
New features of the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio and taking photos, and expanding the target apps for credential stealing.
The Trojan's main goal is to steal enough information to allow criminals to take over victims' bank accounts, siphon off existing funds and perform unauthorized transactions.
With the help of KELA's cyber intelligence platform DARKBEAST, BleepingComputer found a forum post in a Russian-language hacker forum from February 2022 in which the Aberebot developer is promoting its new version under the name "Escobar Bot Android Banking Trojan".
The malware author rents the beta version of the malware to a maximum of five customers for $3,000 per month, with criminals being able to try the bot free for three days. The developer plans to increase the price of the malware to $5,000 once development is complete.
The suspicious APK, masquerading as a McAfee app, was first spotted on March 3, 2022. It is currently not detected by most antivirus programs.
The malware requests 25 permissions, 15 of which are misused for malicious purposes. These include Accessibility, Audio Recording, Read SMS, Read/Write Storage, Get Account List, Disable Keylock, Make Calls and Access Precise Device Location. Everything the malware collects is uploaded to the C2 server, including SMS call logs, key logs, notifications, and Google Authenticator codes.
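A triage check for the permission pattern described above, as an added example (not from the original article or from BleepingComputer): it reads a decoded AndroidManifest.xml and reports which of the listed permissions an app requests. The mapping from the article's wording to Android permission constants, the review threshold and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the article's wording to Android manifest constants.
RISKY = {
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "read storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write storage",
    "android.permission.GET_ACCOUNTS": "get account list",
    "android.permission.DISABLE_KEYGUARD": "disable keylock",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
REVIEW_THRESHOLD = 4  # assumption: tune for your own app population

# Constructed sample manifest (decoded text form), not taken from any real APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Summarise the risky permissions requested by a decoded manifest."""
    # Manifests from untrusted APKs have no reason to carry a DTD; refuse
    # them rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in manifest")
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    # Accessibility is not a <uses-permission>: the app declares a <service>
    # protected by BIND_ACCESSIBILITY_SERVICE, which the user then enables.
    services = [s.get(NS + "name") for s in root.iter("service")
                if s.get(NS + "permission") == ACCESSIBILITY]
    hits = sorted(RISKY[p] for p in requested if p in RISKY)
    return {"package": root.get("package"), "total_requested": len(requested),
            "risky": hits, "accessibility_services": services,
            "review": bool(services) and len(hits) >= REVIEW_THRESHOLD}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A hit only means the app deserves a closer look: legitimate apps request some of these permissions too, so the result is a prioritisation signal and not a verdict.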
So if you install apps, you should only do so from trustworthy sources. But even this is no longer a guarantee that malware is not lurking there, too.
Source: BleepingComputer
Android malware Escobar steals Google Authenticator MFA codes was first published on xiaomist's blog.