  • Admin

Devious Update To Aberebot Banking Trojan Hijacks 2FA Codes, User Accounts

Published: May 10, 2022 in our newsletter, Security Fraud News & Alerts Newsletter.

That extra layer of protection we’ve come to count on for keeping intruders out of our accounts, 2FA (two-factor authentication), is under fire. The identity authentication 2FA provides is invaluable to those it protects, from everyday users to large organizations. But lately, security pros are finding more hackers are interested in circumventing 2FA. By doing so, they can take over a victim’s account and benefit from stealing everything in it.

From retail to financial accounts and everything in between, all are potential targets when bad actors get around 2FA and hijack an account. Now, a banking trojan called Aberebot is back in action with a devious update that steals 2FA codes. This trojan has targeted customers from over 140 financial institutions in eighteen countries.

Also concerning, the updated Aberebot malware is sold online to anyone willing to pay $3,000 a month to use it. That option is available thanks to criminals on underground forums offering malware-as-a-service (MaaS), where anyone can purchase or rent malware for the right price. That could help explain why more 2FA compromise attacks are happening.

Researchers at Cyble recently found a variant of Aberebot called com.escobar.pablo hiding in a bogus app designed to look like a McAfee anti-virus solution. The look-alike is just a cover hiding the Escobar variant, and to the average user looking to download this anti-virus software, it appears totally legitimate. But most concerning to Cyble researchers, they found this Escobar malware not only steals 2FA codes, but also intercepts 2FA data from Google Authenticator.

Anti-Malware Tips

We can agree, malware is everywhere, and attackers know how to hide it well. Taking cover in apps, emails, texts and more, malware can infect even the most security-minded user. The following tips can help users keep malware infections away from their devices.

  • Use 2FA whenever possible in combination with strong, unique passwords.

  • Download and install apps only from official app stores, such as Google Play and the Apple App Store, or whichever store is the official one for your devices.

  • Keep all devices, apps, and operating system software updated.

  • Enable security features like fingerprint or facial recognition for unlocking smartphones, or diligently use a passcode. Also set your devices to auto-lock after the shortest possible period of inactivity.

  • Beware of clicking any links sent to your smartphone via email, text, or other means, especially if you are not expecting them.

  • Enable Google Play Protect on Android devices.
