Beware Of The 'Escobar' Malware On Android That Steals Credentials And Money

Android, Pablo Escobar

Pablo Escobar was a drug lord from Colombia. While he is long gone, his name echoes throughout the years, even when things have gone digital.

In the past, Escobar's name has become a brand, managed by Escobar's younger brother. That hasn't stopped others from borrowing the famous name for a piece of malware, and fittingly so: the malware can do some of the most nefarious things imaginable on victims' devices.

Android users are used to hearing warnings about malware targeting them.

Escobar is yet another such malware, but it can be considered more terrifying because it allows attackers to take complete control of victims' bank accounts. With the malware, hackers can even steal multi-factor authentication data.

Multi-factor authentication data here means the one-time codes sent to users' devices whenever they log in to their banking account or try to make a transaction.

The process is designed to make banking services more secure.

But the Escobar malware can steal that data.

In the wrong hands, it's easy to see how hackers could then use the information to steal money and perform transactions without the owner's permission.

Escobar malware
The Escobar malware infects victims by posing as a fake app that shares the same icon and name as the original. (Credit: Cyble)

While malware variants with similar abilities have been around in the past, Escobar is unique.

First, unlike most other Android malware, which mostly spreads through apps on the Google Play Store, Escobar primarily reaches its victims via APK files downloaded from the web. Second, Escobar comes with more sophisticated abilities than most others.

One of the most famous brands the malicious actors behind the malware have masqueraded as is the security firm McAfee: the malware hides behind a fake McAfee app.

When installed, the app can read and send SMS text messages, view and steal media files and contacts, make and track phone calls, track users' location, read notifications, use the phone's camera and microphone, uninstall apps, take screenshots, disable the phone's lock code, inject new URLs into web browsers and, most devastating of all, use its remote-desktop function to completely take over its victims' phones.

All of those capabilities combined allow the malicious actors behind the malware and the app to break into victims' online bank accounts.

The fake McAfee app is able to target customers from at least 190 financial institutions in 18 different countries.

On top of that, the malware also allows hackers to take over other online services, such as email and social media accounts.

Escobar malware
Dark web post about the Escobar malware (Credit: Cyble)

First reported by Bleeping Computer, the malware was found on a Russian-speaking hacking forum, in a post made in February 2022.

There, the original authors of the Aberebot malware promoted Escobar under the name "Escobar Bot Android Banking Trojan."

The malware author is renting the beta version of Escobar for $3,000 per month to a maximum of five customers. Once Escobar is ready for public rollout, the developers plan to raise the price to $5,000.

The first suspicious APK file, masquerading as a fake McAfee app, was spotted by MalwareHunterTeam on March 3, 2022.

Researchers at Cyble performed an analysis of Escobar and reported that the malware is a variant of the Aberebot trojan.

To minimize the chances of being infected with the Escobar malware, Android users are urged to avoid installing APK files downloaded from the web and to refrain from installing apps from outside the Google Play Store.

Additionally, when installing a new app from any source, users should always pay attention to unusual permission requests and monitor the app's battery and network consumption for the first few days to identify any suspicious patterns.
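A small defender-side triage script, added here as an example and not part of the original article or Cyble's analysis, that applies the two checks above to an installed package: whether it was installed from outside Google Play, and whether its requested permissions cover the capability list described earlier. The dump layout, field names and package name are assumptions modelled on `adb shell dumpsys package <pkg>` output.

```python
import re
# Android permission names mapped to the capabilities the article lists.
CAPABILITY_PERMISSIONS = {
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}
PLAY_STORE_INSTALLER = "com.android.vending"  # Google Play's package name
# Constructed sample shaped like dumpsys output (field/package names assumed).
SAMPLE_DUMP = """\
  Package [com.example.fakeav] (1a2b3c):
    installerPackageName=null
    requested permissions:
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS
      android.permission.CALL_PHONE
      android.permission.ACCESS_FINE_LOCATION
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
"""

def parse_dumpsys(text):
    """Return (installer package, set of requested permissions)."""
    m = re.search(r"installerPackageName=(\S+)", text)
    installer = m.group(1) if m else None
    perms, in_section = set(), False
    for line in text.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_section = True
        elif in_section and (not s or s.endswith(":")):
            break  # the next section header ends the permission list
        elif in_section:
            perms.add(s)
    return installer, perms

def triage(text, min_capabilities=4):
    """Red flag = sideloaded AND permissions span most listed capabilities."""
    installer, perms = parse_dumpsys(text)
    covered = sorted(c for c, n in CAPABILITY_PERMISSIONS.items() if n & perms)
    sideloaded = installer != PLAY_STORE_INSTALLER
    return {"installer": installer, "sideloaded": sideloaded, "capabilities": covered,
            "suspicious": sideloaded and len(covered) >= min_capabilities}
```

A package installed through Google Play that requests the same permissions is not flagged by this script; the permission set alone is a prompt to look closer, not a verdict.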

Published: 
22/03/2022