Dissecting the Escobar bot
The com.escobar.pablo is yet another banking Trojan which, between else abuses the Android’s
Accessibility Service (a11y in short) in order to take over the mobile device’s UI. This service has been designed to assist users with disabilities and it is so powerful, that can literally act in behalf of the user by clicking, reading and generally reacting on any UI event that takes place in the mobile device.
TL;DR, a banking-type Trojan comes with a list of targeted applications (usually banking apps). The
a11y, allows the trojan to read which app is currently in the device’s…