`EventBot': Android mobile users are at risk of new malware

Hyderabad: Mobile users beware! Android OS powered phones are at the risk of new malware. EventBot, mobile banking Trojan, has been set off to target money transfer services and financial applications in India.

CERT-In, Indian Computer Emergency Response Team (ICERT) in Ministry of Electronics and Information Technology, has cautioned the mobile users against this new malware.

CERT-In, which is also the nodal agency to deal with cyber security threats like hacking and phishing, issued an advisory warning users against EventBot Malware Banking Trojan.

According to CERT-In, EventBot is a mobile banking Trojan and infostealer that abuses Android’s in-built accessibility features to steal user data from financial applications, read SMS messages and even intercepts SMSs on an android device, allowing the malware to bypass the two-factor authentication.

EventBot has so far targeted over 200 financial applications including banking applications, money transfer services, cryptocurrency wallets, financial applications based in the USA and Europe region. But it may affect Indian users as well, warned CERT-In.

EventBot is largely targeting financial applications like Paypal business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, Paysafecard, etc.

Though not found on Google Play Store yet, the malware is using several icons to masquerade as a legitimate application such as Microsoft Word, Adobe flash and using third party application downloading sites to infiltrate into the victim’s device.

Once installed on an android device, EventBot asks for permissions such as controlling system alerts, reading content stored on the external space, installing additional packages, and accessing the internet Further, it prompts the user to give access to the device's accessibility services.

CERT-In also warned that malware can retrieve notifications about other applications installed on the device and read the contents of other applications also. The scariest part is that it can also read the lock screen and the in-app PIN that can give the attacker more privileged access over any device.

To overcome the risk from the malware, CERT-In has also issued countermeasures, which include having a strong AI (artificial intelligence) powered mobile antivirus installed to detect and block this kind of tricky malware if it ever makes its way onto your system.

Also, do not download and install applications from untrusted sources, which are offered via unknown websites or links from unscrupulous messages and Install applications downloaded from reputed application markets only.