What is Escobar Malware?
Escobar is a new Android banking Trojan named after the infamous Pablo Escobar. The malware, which has attracted considerable attention, threatens users of almost two hundred banks around the world. According to IT specialists, it is an improved version of the older Aberbot banking Trojan with extended functionality: it can control infected Android devices, record audio and take pictures with the camera. Once on a smartphone, the malware impersonates the mobile client of one of 190 banks or crypto wallets in order to phish the user's account login and password.
In addition, Escobar requests numerous permissions covering many of the device's functions: reading messages, determining the device's location via GPS, and others. After collecting this data, the Trojan sends it to the attackers' servers, where it is used to steal money from the victim's account. IT specialists note that the malware reaches the target device either through phishing SMS or disguised as another program.
To protect the device from compromise, experts advise Android owners to avoid installing APK files from third-party sites and to make sure that Google Play Protect is active on the device.
How does Escobar Malware spread?
The malware contains a worm-like mechanism, which explains its rapid spread. This mechanism uploads the victim's entire phone book to the attackers' server, and SMS messages are then sent to every number in that database. According to experts, more than 11,000,000 phone numbers were collected from infected devices in two months. The SMS contains links to the attackers' pages, which use various tricks to push users into downloading the .apk file carrying the malware. Very often, victims of the Escobar malware received SMS messages allegedly from a parcel delivery service; in particular, messages disguised as coming from the international courier DHL were recorded. There were also reports that infected applications could be downloaded directly from the official Google Play Store, but this claim is not accurate.
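The smishing wave described above has a recognisable shape: a delivery-service lure, a link, and an .apk behind it. The following script, added here as an illustration and not part of the original article, scores SMS bodies for those indicators so that suspicious messages can be triaged in bulk; the sample messages, sender names and the example.invalid links are constructed.

```python
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# A link whose path ends in .apk (optionally followed by a query or fragment)
APK_RE = re.compile(r"\.apk(?:[?#]|$)", re.IGNORECASE)
# Lure vocabulary drawn from the delivery-service theme used by the campaign
DELIVERY_WORDS = ("dhl", "parcel", "package", "delivery", "shipment", "courier")
INSTALL_WORDS = ("install", "download", "update the app", "update your app")


@dataclass
class Verdict:
    score: int
    reasons: list


def assess_sms(text: str) -> Verdict:
    """Score one SMS body for Escobar-style smishing indicators."""
    lowered = text.lower()
    score, reasons = 0, []
    urls = URL_RE.findall(text)
    if urls:
        score += 1
        reasons.append("contains link")
        if any(APK_RE.search(u) for u in urls):
            score += 3
            reasons.append("link points to an .apk file")
        if any(w in lowered for w in DELIVERY_WORDS):
            score += 2
            reasons.append("delivery-service lure with link")
        if any(w in lowered for w in INSTALL_WORDS):
            score += 1
            reasons.append("asks to install or download an app")
    return Verdict(score, reasons)


def triage(messages, threshold=3):
    """Return (sender, score, reasons) for every message scoring at or above threshold."""
    flagged = []
    for sender, body in messages:
        v = assess_sms(body)
        if v.score >= threshold:
            flagged.append((sender, v.score, v.reasons))
    return flagged


# Constructed sample messages (not real captures)
SAMPLE_SMS = [
    ("+10000000001", "DHL: your parcel is on hold. Install the tracking app: http://example.invalid/track/dhl.apk"),
    ("MyBank", "Your one-time code is 123456. Do not share it."),
    ("+10000000002", "Package could not be delivered, reschedule here http://example.invalid/redeliver"),
    ("Mom", "Call me when you land"),
]

if __name__ == "__main__":
    for sender, score, reasons in triage(SAMPLE_SMS):
        print(f"{sender}: score {score}: {'; '.join(reasons)}")
```

The .apk indicator weighs most, but a delivery lure plus a link is enough to reach the default threshold on its own, since the attackers' pages rather than the SMS itself may host the download.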
What actions can Escobar perform after obtaining Accessibility permissions?
As soon as the malware obtains these rights, it can execute commands and simulate taps on the display, and these actions remain invisible to the owner of the device. Moreover, it can perform the following actions:
- Intercept and block app notifications;
- Set itself as the default SMS application;
- Use USSD commands;
- Make phone calls;
- Steal contact lists;
- Show phishing screens on top of other apps.
The virus can also counteract its removal from the device.
What should I do to avoid getting infected with the Escobar virus?
Please note that your phone and personal data are safe until you download the app from the SMS link and install it. Even if you have already done so, know that Escobar does not gain full control over the device unless the user grants it access to the “Accessibility service” function. Keep this in mind whenever an unfamiliar application asks you to enable this option.
With the growing number of mobile device users, the number of malware families has also increased. Where earlier Trojans that changed settings and infected other files (for example, Skulls for Symbian) were the most dangerous, modern malware can render a device unbootable by deleting files the OS needs. To avoid similar situations in the future:
- Prohibit installations from third-party sources in the settings. You will still be able to download games, movies, music, books and programs from the Play Market store, where files are checked both manually and automatically;
- Install an antivirus app. Do not overdo it: one such application is enough, and running several at once will slow the device down;
- Check the permissions of the software already installed, and uncheck “Change system settings” for services that do not come from trusted publishers such as Google.
Reset to Factory Settings
Removing the application from the device is not easy; a factory reset is required. Keep in mind that this erases personal data, so make a backup before performing the procedure.
- Start your device in Recovery Mode using the previous instructions;
- Select the “Factory Reset” option; a notification will appear warning that the changes cannot be reversed;
- After the process completes, restart the phone by selecting “Reboot”.