Escobar malware ‘could play havoc with victims’ bank accounts’

A new malware is stealing personal data and online banking details by disguising itself as McAfee antivirus software, but should normal people be scared of it? We asked  three security experts to find out. Here’s what they told us.

As we detailed in our Escobar explainer, the malware is an Android trojan that uses a combination of remote control features to trick unsuspecting users into revealing bank login details and 2FA Google Authenticator codes. 

Escobar is reportedly capable of taking over mics and cameras, monitoring calls, downloading media, uninstalling apps, sending text messages and more, essentially wreaking havoc over its victims’ personal devices. 

What’s perhaps most scary is that this particular malware sneaks onto phones under the guise of a well-known antivirus software: McAfee. 

We reached out to McAfee to find out more about the menacing software hijacking its namesake. 

“McAfee is aware of reports of the Escobar Android malware application masquerading as a legitimate McAfee application”, Steve Grobman, CTO at McAfee told Trusted Reviews. 

“This malicious application is being distributed via third-party channels outside of the Google Play store. McAfee is aware of this malware, and has had protection for our customers in place since March 4”. 

Grobman explained that the malware is infecting users through third-party app distributors who, unlike Google’s Play store and Apple’s App Store, don’t have any process in place to review and vet apps to confirm they are safe for users to download. He even warned that some sites might intentionally host malicious apps as part of broader scams. 

While cybercriminals have found ways to work around Google and Apple’s review process in the past, Grobman still recommends users stick to these app stores for the best chance of avoiding nasty malware, like Escobar. 

“The chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer”.

We also spoke to security experts from Comparitech and Pixel Privacy to learn more about this particular malware, where it’s coming from and how innocent Android users can avoid falling victim to it. 

“Escobar masquerades as a McAfee antivirus app to trick victims into installing it”, said Paul Bischoff, privacy advocate at Comparitech. 

“The app was first discovered being distributed via Discord, showing how private group messaging apps are becoming popular means to distribute malware. Telegram suffers from the same problem. Because there’s less content moderation in private chats, more malware is allowed through”. 

“Escobar could play havoc with victims’ bank accounts”, warned Chris Hauk, consumer privacy champion at Pixel Privacy. “Users need to stay alert for suspicious permissions alerts on their devices”. 

Hauk recommends users keep (legitimate) antivirus and antimalware protection up to date on their device, use a VPN to make it harder for cybercriminals to track their online activity and only install apps from trusted sources, like the Google Play Store. 

“Unlike the genuine McAfee app, Escobar is not available on Google Play. Third-party apps from outside Google Play are not vetted by Google and carry a much higher risk of malware”, said Bischoff. 

“If you have to go into your Android settings and allow apps from unknown sources, you should think twice before downloading the app”.