Press Trust of IndiaMay 15, 2020 10:00:15 AM
A mobile banking malware called “EventBot”, which steals personal financial information, can affect Android phone users in India, the federal cyber security agency said in a recent report.
The CERT-In has issued a warning that the Trojan may disguise itself as a legitimate application, such as Microsoft Word, Adobe Flash, and others, that use third-party application download websites to infiltrate the victim̵
A Trojan is a virus or malware that cheats on a victim to secretly attack his or her computer or phone operating system.
“A new Android mobile malware called EventBot has been observed to spread.
“It is a mobile banking Trojan and info stealer that misuses Android’s built-in accessibility tools to steal user data from financial applications, read user SMS messages and intercept SMS messages, making malware the two factor Authentication can handle. ” The CERT-in report said.
The Computer Emergency Response Team of India (CERT-In) is the national technology arm for combating cyberattacks and guarding Indian cyber space.
EventBot targets over 200 different financial applications, including banking, money transfer services, and cryptocurrency wallets or financial applications based in the United States and Europe, but some of their services may also affect Indian users.
The virus “mainly targets financial applications such as Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, Paysafecard etc.”, says the CERT-In.
The agency said that while “EventBot” has not been “seen” in Google Playstore so far, it can “disguise” itself as a real mobile application.
“After installation on the victim’s Android device, permissions are queried, such as controlling system warnings, reading external memory content, installing additional packages, accessing the internet, whitelisting to ignore battery optimization, to prevent the processor from sleeping or dimming the screen. On restart, receiving and reading SMS messages and continuing to run and access data in the background, “the note said.
The virus also prompts users to grant access to their device access services.
“You can also get notifications about other installed applications and read content from other applications.
“Over time, it can also read the lock screen and in-app PIN, which gives the attacker more privileged access through the victim’s device,” the note said.
The cyber security agency has proposed certain countermeasures to check the virus infection on Android phones:
“Do not download or install applications from untrusted sources such as unknown websites and unscrupulous news links. Install an updated antivirus solution. Always check app details before downloading or installing apps (including those from Google Playstore) , the number of downloads and user ratings, comments and the “Additional Information” section.
Be careful when visiting trusted / untrustworthy websites to click on links. Install Android updates and patches as they become available. Users are advised to use device encryption or encryption of the external SD card function available with most Android operating systems. “
Users were also asked to avoid using unsecured, unknown Wi-Fi networks and to confirm a banking / finance app from the source organization beforehand.
“Make sure you have a strong mobile anti-virus program with artificial AI (Artificial Intelligence) installed to detect and block this type of tricky malware if it ever gets on your system,” the recommendation said.
Find the latest and upcoming tech gadgets online at Tech2 Gadgets. Receive technology news, gadgets reviews and ratings. Popular devices such as laptop, tablet and cell phone specifications, functions, prices, comparison.