Govt Issues Warning Against Mobile Banking Malware ‘EventBot’; It Can Steal Your Money
A mobile banking malware called ‘EventBot’ which steals personal financial information may affect Android phone users in India, CERT-In has said in a latest advisory.
The Computer Emergency Response Team of India (CERT-In) is the federal cyber-security agency to combat cyber attacks and guard the Indian cyber space.
Read to find out more…
Some Information About ‘EventBot’!
The national cybersecurity agency said that it has been observed that a new Android mobile malware named EventBot is spreading.
The ‘EventBot’ is a Trojan, a malware that cheats the victim to secretly attack its computer or phone-operating system.
It also said, ‘EventBot’ targets over 200 different financial applications, including banking applications, money-transfer services, and cryptocurrency wallets, or financial applications based in the US and Europe region at the moment but some of their services may affect Indian users as well.
According to CERT-In, the virus largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.
Why is This Malware a Threat?
The CERT-In has issued a caution, saying the Trojan virus may ‘masquerade as a legitimate application such as Microsoft Word, Adobe Flash, and others using third-party application downloading sites to infiltrate into victim devices’.
The agency said while ‘EventBot’ has not been seen on Google Play Store till now, it can ‘masquerade’ as a genuine mobile phone application.
The CERT-In advisory said, “It is a mobile-banking Trojan and info-stealer that abuses Android”s in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication.”
The advisory explained, “Once installed on victim”s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing Internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages, and continue running and accessing data in the background.”
Furthermore, the virus prompts the users to give access to their device accessibility services. It can also retrieve notifications about other installed applications and read contents of other applications.
The advisory claims that over time, it can also read Lock Screen and in-app PIN that can give attackers more privileged access over victim devices.
Take These Precautions To Keep Your Data Safe!
CERT-In has suggested certain counter-measures to check the virus infection into Android phones in its advisory:
- Do not download and install applications from untrusted sources like unknown websites and links on unscrupulous messages
- Install updated antivirus solution
- Prior to downloading or installing apps (even from Google Play Store), always review the app details, number of downloads, user reviews, comments, and the ‘additional information’ section.
- Exercise caution while visiting trusted/untrusted sites for clicking links
- Install Android updates and patches as and when available
- Users are advised to use device encryption or encrypting external SD card features available with most of the Android operating system.
- Avoid using unsecured, unknown Wi-Fi networks and for prior conforming of a banking/financial app from the source organisation.
- Make sure you have a strong Artificial Intelligence (AI) powered mobile antivirus installed to detect and block this kind of tricky malware if it ever makes its way onto your system.