There’s a new mobile banking malware called EventBot and the Indian Computer Emergency Response Team (CERT-IN), the cybersecurity arm of the Indian government, has warned about its threat. The malware is capable of entering device and collect data related to a person’s finances through the apps. The virus can intercept the two-factor authentication OTP messages, allowing the hacker to steal money. Also Read - Google blocked 18 million COVID-19 scam emails, malware daily last week
“It uses several icons to masquerade as legitimate apps such as Microsoft Word, Adobe Flash and others using third-party application downloading sites to infiltrate into victim device. It is a mobile-banking Trojan and info-stealer that abuses Android’s in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication,” as given in this advisory by CERT-In. Also Read - Coronavirus: Fake malware-laced apps and why they are so dangerous?
The advisory points out that over 200 financial apps; banking and money transfer which have been targeted using the malware. The malware has infected platforms used in the US and Europe, which could affect Indian users as well. Also Read - This malware affects 4,700 Windows-based computers every day
The virus “largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.,” the CERT-In added in its advisory. The malware is yet to make its appearance in apps listed on the Google Play Store for now.
Should you worry?
How does EventBot make its impact? “Once installed on victim’s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing the internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiated upon reboot, receive and read SMS messages and continue running and accessing data in the background,” the advisory illustrated the reasons for concern. The malware can start reading lock screen and PIN, giving device access to the hackers.
Watch Video: 5 ways to make your Android phone faster
How to avoid secure device from malware?
– Don’t download apps from third-party app store, unknown (and unsecure) websites
– Check app permissions and access
– Never connect to unsecure public Wi-Fi network
– Do not download email attachments from suspicious accounts