comscore CERT-In warns about new mobile banking virus | BGR India

CERT-In warns about new mobile banking virus

This new malware is a possible threat according to India's CERT-in and is said to be capable of accessing personal banking information.

  • Published: May 16, 2020 12:40 PM IST
his malware infects Android and iOS phones through Wi-Fi routers

There’s a new mobile banking malware called EventBot and the Indian Computer Emergency Response Team (CERT-IN), the cybersecurity arm of the Indian government, has warned about its threat. The malware is capable of entering device and collect data related to a person’s finances through the apps. The virus can intercept the two-factor authentication OTP messages, allowing the hacker to steal money. Also Read - Google blocked 18 million COVID-19 scam emails, malware daily last week

“It uses several icons to masquerade as legitimate apps such as Microsoft Word, Adobe Flash and others using third-party application downloading sites to infiltrate into victim device. It is a mobile-banking Trojan and info-stealer that abuses Android’s in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication,” as given in this advisory by CERT-In. Also Read - Coronavirus: Fake malware-laced apps and why they are so dangerous?

The advisory points out that over 200 financial apps; banking and money transfer which have been targeted using the malware. The malware has infected platforms used in the US and Europe, which could affect Indian users as well. Also Read - This malware affects 4,700 Windows-based computers every day

The virus “largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.,” the CERT-In added in its advisory. The malware is yet to make its appearance in apps listed on the Google Play Store for now.

Should you worry?

How does EventBot make its impact? “Once installed on victim’s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing the internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiated upon reboot, receive and read SMS messages and continue running and accessing data in the background,” the advisory illustrated the reasons for concern. The malware can start reading lock screen and PIN, giving device access to the hackers.

Watch Video: 5 ways to make your Android phone faster

How to avoid secure device from malware?

– Don’t download apps from third-party app store, unknown (and unsecure) websites

– Check app permissions and access

– Never connect to unsecure public Wi-Fi network

– Do not download email attachments from suspicious accounts

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: May 16, 2020 12:40 PM IST