Hyderabad: Mobile users in India with Android-powered phones are at risk from a new malware, EventBot, a mobile banking trojan that targets banking applications, money transfer services and other financial applications.
The Indian Computer Emergency Response Team (CERT-In), an office within the Ministry of Electronics and Information Technology, has issued an advisory cautioning mobile users about the threat of EventBot.
According to CERT-In, EventBot is a mobile banking trojan and info stealer that abuses Android's built-in accessibility features to steal user data from financial applications, read messages and even intercept SMSs on an Android device, allowing the malware to bypass two-factor authentication.
EventBot has so far targeted over 200 financial applications, including banking applications, money transfer services, cryptocurrency wallets and other financial applications based in the US and Europe. But it may affect Indian users as well, warned CERT-In. It is largely targeting financial applications such as PayPal Business, Revolut, Barclays, UniCredit, Capital One UK, HSBC UK, TransferWise, Coinbase and paysafecard.
The malware, though not found on the Google Play Store yet, uses several icons to masquerade as legitimate applications such as Microsoft Word and Adobe Flash, and relies on third-party application download sites to infiltrate the victim's device. Once installed on an Android device, EventBot asks for permissions such as controlling system alerts, reading content stored on external storage, installing additional packages, accessing the Internet, being whitelisted to ignore battery optimisations, preventing the processor from sleeping or the screen from dimming, starting automatically upon reboot, receiving and reading SMSs, and continuing to run and access data in the background. Further, it prompts the user to give it access to the device's accessibility services.
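The permission set described above can be checked against an app's decoded manifest before installation. The following is an added example, not code from CERT-In or the original report: the mapping from the advisory's wording to Android permission names, the flagging rule, and the two sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: advisory wording -> Android manifest permission name.
ADVISORY_PERMISSIONS = {
    P + "SYSTEM_ALERT_WINDOW": "control system alerts",
    P + "READ_EXTERNAL_STORAGE": "read external storage",
    P + "REQUEST_INSTALL_PACKAGES": "install additional packages",
    P + "INTERNET": "access the Internet",
    P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "ignore battery optimisations",
    P + "WAKE_LOCK": "keep processor and screen awake",
    P + "RECEIVE_BOOT_COMPLETED": "start upon reboot",
    P + "RECEIVE_SMS": "receive SMSs",
    P + "READ_SMS": "read SMSs",
    P + "REQUEST_COMPANION_RUN_IN_BACKGROUND": "run in the background",
    P + "REQUEST_COMPANION_USE_DATA_IN_BACKGROUND": "use data in the background",
}
A11Y_BIND = P + "BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(manifest_xml):
    """Audit a decoded (text) AndroidManifest.xml against the advisory's list."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    matched = sorted(requested & ADVISORY_PERMISSIONS.keys())
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    has_a11y = any(s.get(NS + "permission") == A11Y_BIND for s in root.iter("service"))
    reads_sms = {P + "RECEIVE_SMS", P + "READ_SMS"} <= requested
    # Assumed rule: accessibility service + SMS access + most of the listed set.
    suspicious = has_a11y and reads_sms and len(matched) >= 6
    return {"matched": matched, "accessibility_service": has_a11y,
            "suspicious": suspicious}

def _manifest(package, perms, a11y):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    svc = f'<service android:name=".Svc" android:permission="{A11Y_BIND}"/>' if a11y else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{svc}</application></manifest>')

# Constructed samples: an app posing as a document viewer, and an ordinary SMS app.
FAKE_WORD = _manifest("com.example.fakeword",
                      [k[len(P):] for k in ADVISORY_PERMISSIONS], True)
SMS_APP = _manifest("com.example.smsapp", ["RECEIVE_SMS", "READ_SMS", "INTERNET"], False)

if __name__ == "__main__":
    for name, xml in (("fakeword", FAKE_WORD), ("smsapp", SMS_APP)):
        print(name, audit_manifest(xml))
```

A legitimate messaging app matches a few of these permissions on its own, which is why the rule requires the accessibility service and SMS access together with most of the listed set before flagging.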
CERT-In also warned that the new malware can retrieve notifications about other applications installed on the device and read the contents of other applications. The scariest part is that it can also read lock screen and in-app PINs, which can give attackers privileged access to the device.
To counter the risk from the malware, CERT-In has also issued countermeasures, which include installing a strong AI-powered mobile antivirus to detect and block this kind of tricky malware if it ever makes its way into your system. It has also warned users not to download and install applications from untrusted sources offered via unknown websites or links in unscrupulous messages, and instead to install applications only from reputed application markets.
Users are also advised to install Android updates and the latest available patches from their vendors, and not to download or open attachments in emails received from untrusted sources or received unexpectedly, even from trusted users. Users are also advised not to use unsecured and unknown Wi-Fi networks, as there may be rogue Wi-Fi access points in public places that are used to distribute malware.