Bank account theft: Escobar malware costs just $3,000

Malware is somewhat the preserve of evil spirits who torment their minds day and night to find new ways to achieve their end. Which ? Siphon your euros which seem to be well kept in digital safes that one might think are less easy to open than their physical counterparts, but this is ultimately not really the case. The more time passes, the more we even say to ourselves that it is quite the opposite. Escobar, the latest addition to the hacking scene, confirms this to us again today.

Escobar: the king of window dressing

The website BleepingComputer announced the discovery of a new virus that pollutes devices running Android. He is offered on the darkweb since February 2022 on a Russian-language hacker forum by HisExcellency, a reputable hacker developer.

named Escobar, it is not 100% new since it is an improved version of Aberebot, a devastating Trojan horse already created by the aforementioned hacker. The latter therefore allowed you to purge your bank accounts, but its little brother does even better, adding some well-thought-out features. It allows for example to take control of your device remotely using a VNC (Virtual Network Computing). When your terminal is infected, the virus can display a false identification screen which is superimposed on the real one when you use a banking application in order to steal your identifiers.

The malware has access to 25 permissions in all, 15 of which can be used for criminal purposes on more than 190 financial institutions. Audio recording and photo taking are possible, as are reading and sending text messages, reading what is stored in the phone memory, capturing screenshots, making calls, disabling the lock and have access to your geolocation. The list of possibilities is already beginning to be very long, but Escobar pushes the vice even further. The Trojan can indeed steal the multi-factor authentication codes that the application generates Google Authenticator. These arrive by SMS or are stored precisely in this kind of internal software. The malware therefore uses a C2 server to upload everything it collects during its malicious raid.

Rental scam

HisExcellency, at the time of its announcement last month, was offering its malware leased to 5 customers for the modest sum of $3,000/month before the price rises to $5,000 once development is complete. Suffice to say that it is a very high budget that is not for everyone. Nonetheless, Escobar has been found in fake McAfee builds on alternative app stores, showing that the price hasn’t put everyone off.

Possible interesting, very low detected “McAfee9412.apk”: a9d1561ed0d23a5473d68069337e2f8e7862f7b72b74251eb63ccc883ba9459f
From: https://cdn.discordapp[.]com/attachments/900818589068689461/948690034867986462/McAfee9412.apk
“com.escobar.pablo”
😂 pic.twitter.com/QR89LV4jat

— MalwareHunterTeam (@malwrhunterteam) March 3, 2022

So far, the Trojan Horse has been recorded in 18 countries around the world but failed to gain a foothold on the official Play Store. We recommend that you, as always, strongly favor the latter for downloading applications. Even if some viruses sometimes manage to slip through the cracks of the protection of experts at Google, the risks are still lower and the threats quickly under control.