We’re all used to logging into banking and payment apps on a regular basis, and this practice has only grown more common as the covid-19 pandemic has confined us to our homes. But while you are downloading and using banking and payments apps to make life easier, unbeknownst to you, your financial data might be stolen and misused, and your account can be cleared in a matter of minutes.

According to a warning issued by the Indian Computer Emergency Response Team (CERT-In) a trojan called “EventBot" has recently been identified, which is affecting users of financial transaction apps across the world. A trojan is a type of malware that is attached to what seems to be a legitimate program. The name, which references the Trojan Horse used by the Greeks to attack Troy, is a good indicator of how it functions. The fact that it appears to be genuine leads many unsuspecting users to download the app, which is a fake version of the original loaded with malware. Once installed, a trojan can open your device up to phishing and data theft.

According to the advisory put out by CERT, Eventbot is a mobile banking malware, which steals personal financial information, and may affect Android phone users in India. The tricky part about a trojan like Eventbot is that it can pass off as a trusted application. The CERT release stated that it may "masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into the victim’s device".

A banker trojan or banking trojan specifically targets the financial data of users. It could compromise the security of your device and transactions in a number of ways, including downloading, running and sending files remotely and logging your keystrokes to steal passwords.

To protect your device from such malware, experts recommend a few tried and tested methods. “Do not click links from unknown sources or open documents or attachments or images in social media tools. Perpetrators often use these to spread trojans. Don’t download apps from unknown companies and if the utility is not impactful, if you do download an app, be aware of what rights you have assigned to the app in system settings," said Rajesh Mirjankar, MD and CEO, InfrasoftTech.

According to Sumit Gupta, CEO and co-founder of CoinDCX, simpler measures such as keeping Google Protect on our device and keeping your software up-to-date, can also help protect you from malware. “If you aren't sure about an app, check out the reviews and make an informed decision. Also, think critically before granting permission to any app," he said.

The spread of malware is on the rise as more people take to the internet for work, entertainment and functions such as banking because of covid-19. To protect yourself, stay vigilant. If an app is not essential, don’t download it, unless you are absolutely sure about the app developer’s credibility. Keep in mind that malware is designed to look harmless, so you might unwittingly walk into the trap.

