Android Malware ‘Escobar’ is After Google Authenticator Codes

The malicious code appears to be an improved version of one responsible for widespread bank security issues last year.

The Aberebot trojan, an Android malware that previously infiltrated over 140 banks across 18 countries, has resurfaced under the new name ‘Escobar’.

The ultimate aim of the virus is to steal victims’ bank account details and perform unauthorized transactions. Even your Google Authenticator multi-factor authentication codes aren’t safe from this threat, with the latest edition containing a range of malicious features that have been designed to record audio, take photos, and swipe authentication codes.

While this type of trojan is technically nothing new, the next generation contains some pretty alarming features that have been sparking concerns among the tech community.

Escobar is the Latest Version of the Aberebot Trojan

If you’re a dedicated Android user, you might remember Aberebot – the phishing application that penetrated some of the world’s biggest financial institutions back in 2021. The trojan targeted banking customers directly, and once granted permissioned by the user, was able to obtain an array of sensitive information.

Unfortunately, it appears that the latest iteration of Aberebot is even more threatening still, with the malware brandishing even more invasive features.

The new version was first spotted disguising itself as a McAfee app, the popular computer security software, on March the 3rd 2022.

According to BleepingComputer, however, evidence of a beta version of the malware had existed since February 2022. It discovered a page on a Russian-speaking hacking forum that displayed the developer promoting the trojan under the name ‘Escobar Bot Android Banking Trojan’.

On the platform, creator was seen trying to rent the Escobar malware out to customers for $3,000 a month in it’s current state, and $5,000 after its development was complete.

Escobar Malware has Some Worrying Features

Similarly to its predecessor, Escobar masks itself as a credible e-banking app or website and steals customer credentials via overlay login forms. The malware then asks users to accept 25 permissions including if the app can turn on the accessibility menu, access their location or record their audio.

Once given full access, the hackers are able to access SMS messages, media files, Google Authenticator Codes, and they can even use a Virtual Network Computing (VNC) remote-desktop function to take full control of the phone. The confidential data they access is then sent to its operator’s control servers where it’s able to be acted upon. This could mean accessing bank accounts, as well as other types of personal information.

This VNC enabled remote control features represent a frightening new development in the malware’s evolution. And with few other trojans having this capability, the Escobar malware seems to be more invasive than most other cyberthreats.

Are Your Android Devices Safe?

Since Escobar has only been circulating for less than a month, its full impact is yet to be determined.

With the new version costing more than a few thousand dollars to obtain, it’s likely that its use won’t spread as fast as other viruses in the past. Moreover, the extensive amount of permission it requires suggests that the malware may be harder to get past savvier tech users.

Despite it’s limitations, however, it’s always recommended to follow best practices when it comes to protecting your devices. This can include downloading antivirus software for your personal and business devices, paying careful notice to suspicious permission requests, only downloading apps from direct sources, and using secure VPNs.

By following these steps and exercising due diligence, your Android devices, and the sensitive information it contains, can be kept as secure as possible.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Isobel O'Sullivan (BSc) is a senior writer at with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals