This new malware steals personal and sensitive information
The malware targets financial applications, reads user SMS messages and can even intercept SMS messages
Android users who use mobile banking might be vulnerable to a new malware called ‘EventBot’. This new malware steals personal and sensitive information according to the Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyber attacks and guard the Indian cyber space.
The CERT-In has issued a caution, claiming that the Trojan virus may "masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device". A Trojan virus often enters a device by cheating the user into believing that it is a software the user needs. It then attacks the operating system from within.
"It is a mobile-banking Trojan and info-stealer that abuses Android's in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication," the CERT-In advisory said.
The cybersecurity agency claimed that the new virus targets over 200 financial applications which includes banking applications, money-transfer services and cryptocurrency wallets, or financial applications based in the US and Europe region at the moment. However, CERT-In claims that some of their services may affect Indian users as well.
The virus "largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.," the CERT-In said.
So far, the virus has not spotted on any Google Playstore application but it can use third party app markets to mask themselves and enter operating systems.
"Once installed on victim's Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages and continue running and accessing data in the background," the advisory explained.
The agency claims that once the virus has entered the device it can retrieve notifications about other installed applications and read contents of other applications.