MALWARE ALERT: ‘Escobar’ on Android steals Google Authenticator Code, money from bank accounts


Cybersecurity firm BleepingComputer has revealed that a new virus named ‘Escobar’, which can steal Google Authenticator codes and money from victims’ bank accounts, is doing the rounds on Android devices.

According to the firm, Escobar is not new malware; it is existing malware that comes with a new name and new capabilities.

The ‘Escobar’ malware is said to have so far targeted customers from 190 financial institutions across 18 different countries. But specific details related to the countries and institutions were not revealed.

As per the report, the banking malware can steal Google Authenticator multi-factor authentication codes, which are sent to devices when someone tries to log in to email or online banking services.

“Getting access to Google Authenticator multi-factor authentication codes sounds scary as they can allow hackers to get easy access to users’ personal and financial details,” the firm said.

The report also highlights, “everything that the malware collects is uploaded to the C2 server, including SMS call logs, key logs, notifications, and Google Authenticator codes”.

Escobar malware targeting Android users

According to the report, this isn’t the first time that such a banking Trojan has been doing the rounds on Android. In 2021, the Aberebot Android Trojan, which had similar capabilities, targeted hundreds of Android users.

‘Escobar’ is broadly similar to Aberebot but comes with more advanced capabilities. As per the report, the ‘Escobar’ Trojan takes full control of the infected device, takes photos, records audio, and also expands the set of targeted apps for credential theft.

How to stay protected from Android malware
  • Android users should ensure they do not install APK files from outside of the Google Play store.
  • Users must enable the Google Play Protect option on their smartphone, which warns users when they are in the process of installing malware on their device.
  • Users must always keep a check on the general permissions that a particular app asks for. This will let them spot risky apps and apps or files that install malware on devices.
  • Always check details such as the name, description, and more of files/apps before installing them on the device.
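
The permission check in the list above can be partly automated before an APK is installed. The following is an added example, not code from the report or from any vendor: it reads a permission listing in the line format printed by `aapt dump permissions` and flags an app that requests permissions covering several of the data types the report says are collected. The permission-to-capability mapping, the threshold of three, and both sample listings are assumptions constructed for illustration.

```python
import re

# Assumed mapping (not from the report): data types the article says are
# collected, keyed by the Android permission that gates access to each.
RISKY = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.CAMERA": "photos",
}

# Accepts "uses-permission: name='X'" and the older bare "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def parse_permissions(dump):
    """Return the set of permission names in an `aapt dump permissions` listing."""
    matches = (PERM_RE.match(line.strip()) for line in dump.splitlines())
    return {m.group(1) for m in matches if m}

def review(dump, threshold=3):
    """Group risky permissions by capability; flag apps spanning `threshold` or more."""
    hits = {}
    for perm in sorted(parse_permissions(dump)):
        if perm in RISKY:
            hits.setdefault(RISKY[perm], []).append(perm)
    return {"capabilities": hits, "flag": len(hits) >= threshold}

# Constructed sample listings, not taken from a real app or from the report.
SAMPLE_SUSPICIOUS = """package: com.example.flashlight
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
"""
SAMPLE_BENIGN = """package: com.example.camera
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for name, dump in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        result = review(dump)
        print(name, "FLAG" if result["flag"] else "ok", sorted(result["capabilities"]))
```

A flag here is a prompt for a closer look, not a verdict: legitimate messaging or camera apps can request several of these permissions, so the result should be weighed against what the app claims to do.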

