
[imToken wallet official download] New banking trojan "Eventbot" affects 234 financial apps

Admin | Blockchain Wallets | 4 July 2022


Uploading user information:

Main app icons impersonated by Eventbot:


F73F66B15791A42DAC86D0CED46D660F

Links:

36988753860CD9F919B9D2A94C0AF0FC

Sample analysis

Eventbot has a wide range of functions and is in no way inferior to recently active families such as Cerberus, Anubis and Joker.

Commands issued by the server:


C2:


Summary

Since the start of 2020, Android banking trojans have become unusually active alongside the outbreak of COVID-19; following the Cerberus and Anubis trojans, an entirely new trojan, Eventbot, has appeared. Although Eventbot is still in a testing phase and its real-world damage has not yet spread, its potential impact is broad, and it poses a potential threat to domestic users who trade cryptocurrency. The Qi An Xin Virus Response Center will keep monitoring this trojan's developments, and reminds users not to install apps from unknown sources and to raise their personal security awareness.

Controlling the user's phone:

8A563B6AF3CF74C8CBB88B99E104D949

IOC

File MD5:

Eventbot sample information: all samples found so far use the same package name, com.example.eventbot; the code's functionality is incomplete and has not been obfuscated or encrypted, so we infer that it is still in a testing phase. Tracing the samples back, we found that the earliest appeared on 1 March 2020.

Links:

Screenshots at runtime:

Appendix

Package names of the apps of the 234 affected financial institutions:

Impact analysis

This article was collected and compiled from the web and does not constitute investment advice. Please cite the source when reposting: https://www.bnlive.com.cn/qklqb/8105.html

Tags: banking trojan   finance   endpoint   Eventbot