{"id":34749,"date":"2020-05-01T09:00:11","date_gmt":"2020-05-01T09:00:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/"},"modified":"2020-05-01T09:00:11","modified_gmt":"2020-05-01T09:00:11","slug":"android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/","title":{"rendered":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#8217;s &#8216;in preview&#8217;"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2019\/08\/27\/shutterstock_android_malware.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Researchers have analysed a new strain of Android malware that does not yet exist in the wild.<\/p>\n<p>Cybereason boffins did this by observing submissions to virus detection site VirusTotal not from the general public, but from one source presumed to be miscreants testing whether the nasty would be spotted.<\/p>\n<p>Its creators call the malware EventBot, though if it is released it could be disguised within other apps that claim to be games or utilities, or marketed as a component to other criminals. In the Cybereason <a target=\"_blank\" href=\"https:\/\/www.cybereason.com\/blog\/eventbot-a-new-mobile-banking-trojan-is-born\" rel=\"noopener noreferrer\">report<\/a>, the researchers describe how they tracked a succession of submissions, seeing &#8220;features&#8221; added as the coders improve EventBot&#8217;s capabilities.<\/p>\n<p>EventBot asks the user for permission to use accessibility services, a powerful feature since these services require extensive permissions in order to work, including acting as a keylogger, for example, and running in the background.<\/p>\n<p>EventBot also requires Android permissions including reading internal storage, reading and sending SMS messages, launching automatically after system boot, showing windows on top of other apps, and requesting to install additional packages. Some of these permissions prompt the user, even stating that the app needs to &#8220;observe text you type \u2013 includes personal data such as credit card numbers and passwords.&#8221;<\/p>\n<p>Wouldn&#8217;t most users refuse such permissions? Assaf Dahan, who leads the research team, told <em>The Reg<\/em>: &#8220;Most users that are not tech-savvy will not question why the app needs this or that permission, they will just give it so they can let the app run. Most people don&#8217;t even bother reading it, there&#8217;s a lot of trust. The human link is the weakest link in cyber security.&#8221;<\/p>\n<p>Once installed, the app downloads a configuration file with currently around 200 financial targets, including PayPal, Coinbase, Barclays, HSBC, Santander, Starling, Lloyds, Mondo, Revolut, TSB, Tesco and Bank of Scotland \u2013 a full list is in the report. When active, it can perform webinjects, intercepting data sent to target sites. Along with the ability to read SMS messages, it may be able to defeat some types of two-factor authentication. It can grab screen PINs, &#8220;most likely to give the malware the option to perform privileged activities on the infected device related to payments, system configuration options,&#8221; the report explained.<\/p>\n<p>The most recent versions of EventBot use obfuscation to disguise class names in the code.<\/p>\n<p>Cybereason said that one-third of all malware now targets mobile endpoints, and that 60 per cent of devices accessing enterprise data are mobile. In mitigation, though, both Android and iOS are designed with stricter permissions than desktop PCs, and protected by the fact that most applications are installed via a curated store. Would EventBot have any chance of getting past Google&#8217;s malware checks?<\/p>\n<p>&#8220;I&#8217;d like to say that would never happen but the facts prove us wrong,&#8221; said Dahan. &#8220;It doesn&#8217;t happen often, but malware is found in the Play store. It&#8217;s not unheard of.&#8221;<\/p>\n<p>Evidence of this was confirmed recently by Kaspersky researchers, <a target=\"_blank\" href=\"https:\/\/securelist.com\/apt-phantomlance\/96772\/\" rel=\"noopener noreferrer\">who said<\/a> of a malware campaign dubbed &#8220;PhantomLance&#8221;: &#8220;We found dozens of related samples that had been appearing in the wild since 2016 and had been deployed in various application marketplaces including Google Play. One of the latest samples was published on the official Android market on November 6, 2019. We informed Google of the malware, and it was removed from the market shortly after.&#8221;<\/p>\n<p>According to Kaspersky: &#8220;We spotted a certain tactic often used by the threat actors for distributing their malware. The initial versions of applications uploaded to app marketplaces did not contain any malicious payloads or code for dropping a payload. These versions were accepted because they contained nothing suspicious, but follow-up versions were updated with both malicious payloads and code to drop and execute these payloads.&#8221;<\/p>\n<p>Concerning EventBot, you would expect that the authors will read the Cybereason report and make changes to avoid identification. &#8220;That&#8217;s part of this eternal cat-and-mouse game,&#8221; said Dahan. &#8220;Malware is polymorphic, it mutates all the time to evade antivirus and other security products.&#8221;<\/p>\n<p>Despite the existence of EventBot and other mobile malware, is it not true that mobile devices are still more secure than desktop PCs, which are more open and allow users more freedom in installing apps from anywhere? &#8220;The attack surface is broader with desktop,&#8221; Dahan told us, &#8220;but the world is shifting fast towards mobile. Banking trojans were really big on desktop, today they have to have a mobile component. Today most banks have two-factor authentication with a code either generated or sent to the mobile phone. Threat actors have to adapt and switch to mobile.&#8221;<\/p>\n<p>The solution is for users to resist giving excessive permissions to apps they install, and for Google to up its game when it comes to detecting malicious submissions \u2013 though we emphasise that EventBot itself has not yet been spotted anywhere other than on VirusTotal. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1916\/-8373\/practical-tips-for-office-365-tenant-to-tenant-migration?td=wptl1916\">Practical tips for Office 365 tenant-to-tenant migration<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/05\/01\/eventbot_malware_abuses_android_accessibility\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers analysing samples submitted to VirusTotal find new strain Researchers have analysed a new strain of Android malware that does not yet exist in the wild.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34750,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-34749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#039;s &#039;in preview&#039; 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#039;s &#039;in preview&#039; 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-01T09:00:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"563\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#8217;s &#8216;in preview&#8217;\",\"datePublished\":\"2020-05-01T09:00:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/\"},\"wordCount\":827,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/\",\"name\":\"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it's 'in preview' 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg\",\"datePublished\":\"2020-05-01T09:00:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg\",\"width\":1000,\"height\":563},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#8217;s &#8216;in preview&#8217;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it's 'in preview' 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/","og_locale":"en_US","og_type":"article","og_title":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it's 'in preview' 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-01T09:00:11+00:00","og_image":[{"width":1000,"height":563,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#8217;s &#8216;in preview&#8217;","datePublished":"2020-05-01T09:00:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/"},"wordCount":827,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/","url":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/","name":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it's 'in preview' 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg","datePublished":"2020-05-01T09:00:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview.jpg","width":1000,"height":563},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/android-trojan-eventbot-abuses-accessibility-services-to-clear-out-bank-accounts-fortunately-its-in-preview\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Android trojan EventBot abuses accessibility services to clear out bank accounts \u2013 fortunately, it&#8217;s &#8216;in preview&#8217;"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34749"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34749\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34750"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}