"With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers."

One piece of good news is that so far the malware does not appear to have been able to inveigle its way into the official Google Play store, meaning that it is likely to have only been distributed via third-party marketplaces. Android users need to change their settings to allow apps to be installed from unknown sources, but history has shown that with the right social engineering techniques criminals have been able to trick users into doing just that.

Furthermore, upon installation, EventBot - posing as a legitimate application - asks for a wide range of permissions including access to accessibility features, the ability to open network sockets, the ability to run in the background, and package installation controls. The app needs such a wide range of permissions to conduct its dirty work - including stealing keypresses and details from notifications displayed by other apps (such as two-factor authentication codes sent via SMS message).

Cybereason's researchers warn that EventBot "has real potential to become the next big mobile malware." We'll have to see if that prediction comes true or not, but what is much more certain are the steps that Android users should take to protect themselves:
- Keep your Android device up-to-date with the latest security updates from legitimate sources.
- Turn on Google Play Protect - Google's built-in malware protection for Android, which automatically scans your device.
- Download your apps from official sources, such as the Google Play Store - not unofficial app stores.
- Always consider carefully whether you will accept the permissions an app requests upon installation.
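
The permission check in the last tip can be partly automated for an app you have already unpacked. The script below is an added example, not code from the article or from Cybereason: it reads a decoded AndroidManifest.xml and reports which of the four capability groups named above the app declares. The mapping from those groups to Android permission strings and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities the article names to Android permission
# strings. It is an illustration, not EventBot's actual manifest.
CAPABILITIES = {
    "accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "network": {P + "INTERNET"},
    "background": {P + "RECEIVE_BOOT_COMPLETED",
                   P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "install_packages": {P + "REQUEST_INSTALL_PACKAGES"},
}

def declared_permissions(manifest_xml):
    """Permissions requested with <uses-permission>, plus permissions guarding
    <service> entries, which is where an accessibility service shows up."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    perms |= {el.get(ANDROID + "permission") for el in root.iter("service")}
    perms.discard(None)
    return perms

def review(manifest_xml):
    """Return (capabilities found, flag). The flag is set when the app can both
    observe other apps through accessibility and send data over the network."""
    perms = declared_permissions(manifest_xml)
    found = sorted(c for c, names in CAPABILITIES.items() if perms & names)
    return found, {"accessibility", "network"} <= set(found)

# Constructed sample manifests (decoded form, e.g. as apktool produces).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Sync" android:permission="android.permission.BIND_JOB_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, review(xml))
```

A set flag is a prompt for manual review rather than a verdict, since legitimate assistive apps also declare an accessibility service and use the network.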
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.