As soon as I saw this article yesterday, I was driven back to the binge-watching time of the famous TV series “Narcos”. History has witnessed his personality (Escobar) and synonymity with crime. Though ironically speaking if cybercrimes were to exist during his time which it didn’t might’ve existed if his men stole a truckload of AOL installation CDs so that his customers could snort coke off it. This was a good one by Android Police! The recent outbreak of Escobar malware has become prominent in the android world is known to take control of your phone and worst cases even steal 2FA codes from google authenticator as reported by Android Police. This post highlights some of the vulnerabilities and the associated impacts with this newly surfaced malware.
The volume of mobile threats is on the rise and attackers are becoming more sophisticated, with nearly a third of zero-day attacks now targeting mobile devices, according to new data. Cybersecurity firm Zimperium says data from its services shows that nearly a quarter of mobile devices encountered malware last year, while 13% had their data intercepted by a machine-in-the-middle attack and 12% were directed to a malicious website. The new alias Escobar was existing as the Aberebot Android with more armed capabilities including but not limited to stealing Google authenticator codes and multi-factor authentication codes. Furthermore, in this recent version, there have been some new explorations which includes taking control of the OS using VNC, recording audio, taking photos, and also targeting the fintech apps. The intent of such trojan design is to achieve financial motive by taking over bank accounts and other sensitive information. [Reference]
Using KELA’s cyber-intelligence DARKBEAST platform, BleepingComputer found a forum post on a Russian-speaking hacking forum from February 2022 where the Aberebot developer promotes their new version under the name ‘Escobar Bot Android Banking Trojan.’ The back drop of the story is that Both Cyble and Bleeping Computer, which earlier reported this story, saw that on Feb. 14, an English-speaking malware developer using the handle “His Excellency” had posted an offer in a Russian-language criminal forum to “rent” a beta version of what was called “Escobar” for $3,000 a month.
Rebranded as the Escobar, the android banking Trojan called “Escobar” masquerades as a McAfee antivirus app and steals one-time codes from Google Authenticator, once again demonstrating why you really don’t want to install apps from outside the official Google Play store. It has also been reported that the app can also steal SMS text messages and media files, make phone calls, track your location, use the phone’s camera, uninstall apps, inject new URLs into web browsers and, most devastating of all, use the VNC remote-desktop function to completely take over a phone. Bug slayer MalwareHunterTeam spotted the fake McAfee app a couple of weeks ago and noticed that Android package name was “com.escobar.pablo”, obviously named after the Colombian drug lord who was killed in 1993 and whose zoo animals escaped into the wild.[Reference].
It is still ahead of time to tell how famous the new Escobar malware will become in the cybercrime local area, particularly at a generally excessive cost. In any case, it’s sufficiently strong to allure a more extensive audience. Also, its functional model, which includes arbitrary entertainers that can lease it, implies its dispersion channels and techniques might change enormously.