The federal cybersecurity agency cautions about the rise of a new mobile banking malware called “EventBot”, which purportedly steal personal financial information and says it might influence Android phone users in India, in a most recent advisory.
The Trojan infection may “masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device” as per an alert issued by the (CERT-In) Computer Emergency Response Team of India, the national technology arm to combat cyber-attacks and guard the Indian cyberspace.
“It has been observed that a new Android mobile malware named EventBot is spreading. It is a mobile-banking Trojan and info-stealer that abuses Android’s in-built accessibility feature to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication,” said the CERT-In warning.
As indicated by the CERT-In the virus “to a great extent target financial apps like PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard and so on”
The agency said while “EventBot” has not been “seen” on Google Playstore till now, it can “masquerade” as a certified mobile phone application.
The virus further prompts the users to offer access to their device accessibility services. The advisory claimed that the virus is equipped for recovering notifications about other installed applications and read the contents of various applications.
Over time, it can also read Lock Screen and in-app PIN that can give the attacker more privileged access over victim device,”
The cybersecurity agency has proposed certain counter-measures to check the virus infection within the Android phones: “Do not download and install applications from untrusted sources like unknown websites and links on unscrupulous messages; install updated anti-virus solution; prior to downloading or installing apps even from Google Playstore), always review the app details, number of downloads, user reviews, comments and the ‘additional information’ section”
Lastly, it requested that users abstain from utilizing unsecured, unknown Wi-Fi systems, and for prior affirming of a banking/financial application from the source organization.