MALWARE ALERT: ‘Escobar’ on Android steals Google Authenticator Code, money from bank accounts

As per the report, the banking malware can steal Google Authenticator multi-factor authentication codes, which are sent to devices when someone tries to login onto email or online banking services.

“Getting access to Google Authenticator multi-factor authentication codes sounds scary as they can allow hackers to get easy access to users’ personal and financial details,” the firm said.

The report also highlights, “everything that the malware collects is uploaded to the C2 server, including SMS call logs, key logs, notifications, and Google Authenticator codes”.

Escobar malware targeting Android users

According to the report, this isn’t the first time that such a banking Trojan has been doing the rounds on Android. In 2021, the Aberebot Android bug with similar capabilities targeted hundreds of Android users.

‘Escobar’ is more or less similar to Aberebot but comes with more advanced capabilities. As per the report, the ‘Escobar’ Trojan takes full control of the infected device, clicks photos, records audio, and also expands the set of targeted apps for credentials theft.

• Android users should ensure they do not install APK files from outside of the Google Play store
• Users must enable the Google Play Protect option on their smartphone, which prompts if a user is in the process of installing malware on their device.

• Users must always keep a check on general permissions that a particular app asks for. This will let them spot apps or files that install malware on devices or apps that are risky.
• Always ensure to check the details such as name, description, and more of files/apps before installing them on the device.