Android users who use mobile banking might be vulnerable to a new malware called ‘EventBot’. This new malware steals personal and sensitive information, according to the Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyber attacks and guard the Indian cyber space.
The CERT-In has issued a caution, claiming that the Trojan virus may “masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device”. A Trojan virus often enters a device by tricking the user into believing that it is software the user needs. It then attacks the operating system from within.
“It is a mobile-banking Trojan and info-stealer that abuses Android’s in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication,” the CERT-In advisory said.
The cybersecurity agency claimed that the new virus currently targets over 200 financial applications, including banking applications, money-transfer services and cryptocurrency wallets, based in the US and Europe region. However, CERT-In claims that some of these services may affect Indian users as well.
The virus “largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.,” the CERT-In said.
So far, the virus has not been spotted in any Google Playstore application, but it can use third-party app markets to mask itself and enter operating systems.
“Once installed on victim’s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages and continue running and accessing data in the background,” the advisory explained.
The agency claims that once the virus has entered the device it can retrieve notifications about other installed applications and read contents of other applications.
“Over the time, it can also read Lock Screen and in-app PIN that can give attacker more privileged access over victim device,” the advisory said.
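The permission set and accessibility abuse described in the advisory can be turned into a simple triage check on an app's decoded AndroidManifest.xml. The following is an added example, not code from CERT-In or from the original article; the mapping from the advisory's wording to Android permission constants, the threshold, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Advisory wording -> Android permission constant (mapping is this example's assumption).
ADVISORY_PERMS = {
    "controlling system alerts": P + "SYSTEM_ALERT_WINDOW",
    "reading external storage": P + "READ_EXTERNAL_STORAGE",
    "installing additional packages": P + "REQUEST_INSTALL_PACKAGES",
    "accessing internet": P + "INTERNET",
    "ignore battery optimisation": P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "prevent sleep/dimming": P + "WAKE_LOCK",
    "auto-initiate upon reboot": P + "RECEIVE_BOOT_COMPLETED",
    "receive SMS": P + "RECEIVE_SMS",
    "read SMS": P + "READ_SMS",
}

def build_manifest(perms, accessibility):
    """Build a constructed, decoded manifest string for the samples below."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    svc = (f'<service android:name=".Svc" '
           f'android:permission="{P}BIND_ACCESSIBILITY_SERVICE"/>') if accessibility else ""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application>{svc}</application></manifest>')

def triage(manifest_xml, threshold=6):
    """Flag apps that declare an accessibility service, both SMS permissions,
    and at least `threshold` (assumed value) of the advisory's permissions."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    matched = sorted(label for label, perm in ADVISORY_PERMS.items() if perm in requested)
    accessibility = any(
        s.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    sms = {"receive SMS", "read SMS"} <= set(matched)
    return {
        "matched": matched,
        "accessibility_service": accessibility,
        "suspicious": accessibility and sms and len(matched) >= threshold,
    }

# Constructed samples: a fake "document reader" and an ordinary SMS app.
FAKE_READER = build_manifest(ADVISORY_PERMS.values(), accessibility=True)
SMS_APP = build_manifest([P + "RECEIVE_SMS", P + "READ_SMS", P + "INTERNET"], accessibility=False)
```

A match is a reason to look closer at an app that claims to be a document viewer or media player, not proof of infection; the manifest inside an APK is binary and must be decoded first (for example with apktool).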
To avoid becoming a victim of this new malware, the agency has also released a few countermeasures:
- Do not download and install applications from untrusted sources like unknown websites and links on unscrupulous messages
- Install strong AI (artificial intelligence) powered mobile antivirus
- Prior to downloading or installing apps (even from Google Playstore), always review the app details, number of downloads, user reviews, comments and the ‘additional information’ section.
- Avoid using unsecured, unknown Wi-Fi networks