Dissecting the Escobar bot

com.escobar.pablo is yet another banking Trojan which, among other things, abuses Android’s Accessibility Service (a11y for short) to take over the mobile device’s UI. This service was designed to assist users with disabilities, and it is so powerful that it can literally act on behalf of the user by clicking, reading and generally reacting to any UI event that takes place on the device.

TL;DR: a banking-type Trojan comes with a list of targeted applications (usually banking apps). The a11y service allows the Trojan to read which app is currently in the device’s…

+Ch0pin🕷️


https://www.linkedin.com/in/valsamaras/, developer of https://github.com/Ch0pin/medusa. Posts are solely my own and do not express the views of my employer.