This is not new malware; it just comes with a new name. The ‘Escobar’ malware has so far targeted users of 190 financial institutions in 18 different countries. Specific information about the countries and institutions has not been revealed yet.
According to the report, the banking malware can steal Google Authenticator multi-factor authentication codes, which are used when logging in to email or online banking services. With access to these verification codes, hackers can reach users’ personal and financial details.
The report also said, “Whatever the malware collects is uploaded to the C2 server, including SMS, call logs, key logs, notifications and Google Authenticator codes.”
Escobar malware is targeting Android users
This is not the first time such a banking Trojan has been circulated. In 2021, an Android banking Trojan called Aberebot, with similar capabilities, targeted hundreds of Android users. ‘Escobar’ is more or less similar to Aberebot but comes with more advanced capabilities. According to the report, the ‘Escobar’ Trojan takes full control of the target device, takes pictures, records audio, and expands the set of apps it targets for credential theft.
Unlike other Android malware, ‘Escobar’ targets users through APK files installed from the web. Most other malware is generally distributed as applications on the Google Play Store.
It overlays login forms to hijack user interactions with online banking apps and websites. In most cases, viruses like Escobar take over the banking accounts of users and lead to unauthorized transactions.
How to Stay Safe from Android Malware
Android users should ensure that they do not install APK files from outside the Google Play Store.
Users should enable the Google Play Protect option on their smartphone, which tells them whether they are in the process of installing malware on their device.
Users should keep an eye on the permissions a particular app asks for. This will help them identify apps or files that install malware on their devices.
Always check an app's name, description, etc. before installing it on the device.
First published: March 16, 2022 at 1:31 pm