Cybersecurity researchers have discovered a new variant of banking malware on Android. Posing as McAfee antivirus, Escobar is able to steal Google Authenticator one-time codes.
A new Android banking Trojan has been detected circulating among cybercriminals. Called Escobar, it is a variant of Aberebot, which was discovered last summer. It has been updated with new features, including the ability to bypass Google Authenticator's two-factor authentication.
The malware was detected by MalwareHunterTeam on March 3, in an application posing as McAfee antivirus. It has been analyzed by specialists at Cyble.
This new version is able to steal one-time codes from Google Authenticator, and the author can take remote control of the device through a VNC module.
An app that steals bank credentials
It also uses the usual banking-malware techniques, starting with the theft of usernames and passwords by overlaying a fake login page on top of banking applications.
The malware also steals data such as contacts, text messages, call history, location and call recordings, and can even take photos, send text messages or make calls, all directed by a command-and-control server.
Cyble discovered a post by the developer on a forum dedicated to cybercriminals. The developer is trying to rent out a beta version of the malware for 3,000 dollars, and announces that the price will increase to 5,000 dollars for the final version.
Distribution of the Trojan will therefore take different forms, depending on the teams that rent it. As usual, the best way to avoid infection is to install applications on your smartphone only from the Google Play Store.