Escobar malware ‘could play havoc with victims’ bank accounts’

A new piece of malware is stealing personal data and online banking details by disguising itself as McAfee antivirus software, but should normal people be scared of it? We asked three security experts to find out. Here’s what they told us.

As we detailed in our Escobar explainer, the malware is an Android trojan that uses a combination of remote control features to trick unsuspecting users into revealing bank login details and 2FA Google Authenticator codes. 

Escobar is reportedly capable of taking over mics and cameras, monitoring calls, downloading media, uninstalling apps, sending text messages and more, essentially wreaking havoc on its victims’ personal devices.

What’s perhaps most scary is that this particular malware sneaks onto phones under the guise of a well-known antivirus software: McAfee. 

We reached out to McAfee to find out more about the menacing software hijacking its name.

“McAfee is aware of reports of the Escobar Android malware application masquerading as a legitimate McAfee application”, Steve Grobman, CTO at McAfee, told Trusted Reviews.

“This malicious application is being distributed via third-party channels outside of the Google Play store. McAfee is aware of this malware, and has had protection for our customers in place since March 4”. 

Grobman explained that the malware is infecting users through third-party app distributors who, unlike Google’s Play store and Apple’s App Store, don’t have any process in place to review and vet apps to confirm they are safe for users to download. He even warned that some sites might intentionally host malicious apps as part of broader scams. 

While cybercriminals have found ways to work around Google and Apple’s review process in the past, Grobman still recommends users stick to these app stores for the best chance of avoiding nasty malware, like Escobar. 

“The chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer”.

We also spoke to security experts from Comparitech and Pixel Privacy to learn more about this particular malware, where it’s coming from and how innocent Android users can avoid falling victim to it. 

“Escobar masquerades as a McAfee antivirus app to trick victims into installing it”, said Paul Bischoff, privacy advocate at Comparitech. 

“The app was first discovered being distributed via Discord, showing how private group messaging apps are becoming popular means to distribute malware. Telegram suffers from the same problem. Because there’s less content moderation in private chats, more malware is allowed through”. 

“Escobar could play havoc with victims’ bank accounts”, warned Chris Hauk, consumer privacy champion at Pixel Privacy. “Users need to stay alert for suspicious permissions alerts on their devices”. 

Hauk recommends users keep (legitimate) antivirus and antimalware protection up to date on their device, use a VPN to make it harder for cybercriminals to track their online activity and only install apps from trusted sources, like the Google Play Store. 

“Unlike the genuine McAfee app, Escobar is not available on Google Play. Third-party apps from outside Google Play are not vetted by Google and carry a much higher risk of malware”, said Bischoff. 

“If you have to go into your Android settings and allow apps from unknown sources, you should think twice before downloading the app”.
