No relation to Pablo — as far as we know
Colombian drug lord Pablo Escobar died in 1993, but even now, nearly 30 years later, his name remains synonymous with crime. In his time, that never included cybercrime — unless he had his henchmen steal a truckload of AOL installation CDs so customers could snort lines of coke off them, which seems improbable — but the name Escobar is back and attached to an insidious form of malware that can take over your phone and even steal multi-factor authentication (MFA) codes generated by Google’s Authenticator app.
Escobar Android malware isn’t really all that new, reports Bleeping Computer. It’s a jumped-up version of the slightly older Aberebot Android banking trojan, which means someone took Aberebot and taught it some new tricks. In addition to grabbing MFA codes, Bleeping Computer says Escobar can also take “control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.”
The malware’s basic functions aren’t that different from many other malicious programs. Once it’s on your device, it will perform an overlay procedure, meaning it shows fake login screens in order to lure the unwary into giving away credentials for a host of money sources like banking apps or crypto wallets. Bleeping Computer says that Escobar is “potent,” however, because it can even find its way around blocked overlays to target a huge list of 190 financial institutions. It will also request numerous permissions from your phone, which if granted will allow Escobar to basically do whatever it damn well pleases. It leverages accessibility functions to grab MFA codes, read messages, even pinpoint your location via GPS.
The malware then sends all that data to its operator’s command and control servers, allowing cyberattackers to pretty much run rampant with whatever they get. Fortunately, Bleeping Computer tells us Escobar has some limits at the moment, including the fact that it costs a few thousand dollars for an operator to obtain in the first place. But it’s versatile and can reportedly find many ways onto a device, from phishing SMS messages to innocent-looking apps on the Play Store.
For now, it’s a good idea to at least double-check and make sure that you have Google Play Protect enabled. Escobar wants your money, and you won’t even get a kilo of blow in return.
Read Next
About The Author
