Mobile banking malware that hides in MS Word, Adobe flash apps may affect Android smartphones
It has been observed that a new Android mobile malware named EventBot is spreading.
By PTI |
ThinkStock Photos
The virus further prompts the users to give access to their device accessibility services.
NEW DELHI: A mobile banking malware called "EventBot", which steals personal financial information, may affect Android phone users in India, the federal cyber-security agency has said in a latest advisory.
The CERT-In has issued a caution, saying the Trojan virus may "masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device".
A Trojan is a virus or malware that cheats a victim to stealthily attack its computer or phone-operating system.
"It has been observed that a new Android mobile malware named EventBot is spreading.
"It is a mobile-banking Trojan and info-stealer that abuses Android's in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication," the CERT-In advisory said.
The Computer Emergency Response Team of India (CERT-In) is the national technology arm to combat cyber attacks and guard the Indian cyber space.
ADVERTISEMENT
The virus largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc. "EventBot", it said, targets over 200 different financial applications, including banking applications, money-transfer services and cryptocurrency wallets, or financial applications based in the US and Europe region at the moment but some of their services may affect Indian users as well.
The virus "largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.," the CERT-In said.
The agency said while "EventBot" has not been "seen" on Google Playstore till now, it can "masquerade" as a genuine mobile phone application.
ADVERTISEMENT
"Once installed on victim's Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages and continue running and accessing data in the background," the advisory explained.
The virus further prompts the users to give access to their device accessibility services.
ADVERTISEMENT
"Also, it can retrieve notifications about other installed applications and read contents of other applications.
Password Manager, Authentic Apps & Webcam Cover: 9 Steps To Ensure Data Security Every Day
1/10
2019 was the year of serious data breaches. Each made headlines that jolted users into reality and the importance of protecting personal data. A recent survey indicates that 52 per cent of users polled believe they need to strengthen their data policies, 45 per cent expect advertising and marketing regulation to become 'more strict', while 88 per cent agree, or strongly agree, that digital privacy will become increasingly important this year.
While, January 28 is observed as the Data Privacy Day in India, the US, Canada and 47 European countries each day, Sunil Sharma, managing director sales, India & SAARC, Sophos advises you to treat every day as Data Privacy Day and apply these simple tips to secure your data.
2019 was the year of serious data breaches. Each made headlines that jolted users into reality and the importance of protecting personal data. A recent survey indicates that 52 per cent of users poll..
Read More
Password managers will create and remember complex passwords for you, making it easy for you to keep different passwords for every website. All you need to do is remember one super long and complicated password for the manager itself.
Password managers will create and remember complex passwords for you, making it easy for you to keep different passwords for every website. All you need to do is remember one super long and complicat..
Read More
Always check the permissions an app is asking for before you download it to your personal device. It’s also important to delete any apps that you don’t use anymore.
Always check the permissions an app is asking for before you download it to your personal device. It’s also important to delete any apps that you don’t use anymore.
Information such as your date of birth or address gives cybercriminals usable information about you. Equally, sharing when you’re going on a trip can alert local criminals that your home will be empty.
Information such as your date of birth or address gives cybercriminals usable information about you. Equally, sharing when you’re going on a trip can alert local criminals that your home will be empt..
Read More
You can do this with an app such as Google Authenticator, or from SMS codes sent directly to your phone. If you want to be super secure you can do it with a hardware key that you plug straight into your computer or laptop.
You can do this with an app such as Google Authenticator, or from SMS codes sent directly to your phone. If you want to be super secure you can do it with a hardware key that you plug straight into y..
Read More
It’s not impossible for hackers to access your webcam. Keep yourself protected and have peace of mind by using a webcam cover.
It’s not impossible for hackers to access your webcam. Keep yourself protected and have peace of mind by using a webcam cover.
If you’re having connection troubles, resist the temptation to “turn off the firewall” or “bypass the router” to see if that solves the problem. That’s a bit like disconnecting your car’s brakes and then going for a ride to see if performance improves.
If you’re having connection troubles, resist the temptation to “turn off the firewall” or “bypass the router” to see if that solves the problem. That’s a bit like disconnecting your car’s brakes and ..
Read More
Tools can detect and block the disk-scrambling part of a ransomware attack. This offers you protection even if the malware file itself, and its running process, is out there on someone else’s computer that you can’t control.
Tools can detect and block the disk-scrambling part of a ransomware attack. This offers you protection even if the malware file itself, and its running process, is out there on someone else’s compute..
Read More
There are millions of computers still at risk from WannaCry – this means they haven’t been patched for more than two and a half years! Don’t be one of those people. The best way to stay up to date is have auto-updates on so you know you’re running the latest software.
There are millions of computers still at risk from WannaCry – this means they haven’t been patched for more than two and a half years! Don’t be one of those people. The best way to stay up to date is..
Read More
And keep at least one recent copy offline, so you can access your precious data even if you’re locked out of your own computer, your own network or your own accounts. By the way, encrypt your backups so that you don’t spend the rest of your life wondering what might show up if any of your backup devices go missing.
And keep at least one recent copy offline, so you can access your precious data even if you’re locked out of your own computer, your own network or your own accounts. By the way, encrypt your backups..
