61st Day Of Lockdown

Maharashtra47190134041577 Tamil Nadu155127491104 Gujarat136696169829 Delhi134186540261 Rajasthan67943804161 Madhya Pradesh63713267281 Uttar Pradesh60173406155 West Bengal34591281269 Andhra Pradesh2780180856 Bihar247765311 Punjab2045187039 Karnataka195960842 Telangana1813106849 Jammu and Kashmir156977421 Odisha13364977 Haryana113175016 Kerala7955155 Assam351574 Jharkhand3501413 Uttarakhand244551 Chandigarh2381793 Tripura1911520 Himachal Pradesh185574 Chhatisgarh172620 Goa55160 Manipur2720 Puducherry26100 Meghalaya14121 Mizoram110 Arunachal Pradesh110 Sikkim100
Technology Other News 14 May 2020 Android users beware ...

Android users beware, mobile banking malware on the prowl

Published May 14, 2020, 8:29 pm IST
Updated May 14, 2020, 8:29 pm IST
The Trojan virus EventBot targets over 200 financial applications, including money-transfer services and cryptocurrency wallets
The EventBot Trojan virus may masquerade as a legitimate application such as Microsoft Word, Adobe flash and third-party applications to infiltrate a user’s device
 The EventBot Trojan virus may masquerade as a legitimate application such as Microsoft Word, Adobe flash and third-party applications to infiltrate a user’s device

New Delhi: A mobile banking malware called "EventBot", which steals personal financial information, may affect Android phone users in India, the federal cyber-security agency has said in a latest advisory.

The CERT-In has issued a caution, saying the Trojan virus may "masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device".


A Trojan is a virus or malware that cheats a victim to stealthily attack its computer or phone-operating system.

"It has been observed that a new Android mobile malware named EventBot is spreading.

"It is a mobile-banking Trojan and info-stealer that abuses Android's in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication," the CERT-In advisory said.

The Computer Emergency Response Team of India (CERT-In) is the national technology arm to combat cyber attacks and guard the Indian cyber space.

"EventBot", it said, targets over 200 different financial applications, including banking applications, money-transfer services and cryptocurrency wallets, or financial applications based in the US and Europe region at the moment but some of their services may affect Indian users as well.

The virus "largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.," the CERT-In said.

The agency said while "EventBot" has not been "seen" on Google Playstore till now, it can "masquerade" as a genuine mobile phone application.

"Once installed on victim's Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages and continue running and accessing data in the background," the advisory explained.

The virus further prompts the users to give access to their device accessibility services.

"Also, it can retrieve notifications about other installed applications and read contents of other applications.

"Over the time, it can also read Lock Screen and in-app PIN that can give attacker more privileged access over victim device," the advisory said.

The cyber security agency has suggested certain counter-measures to check the virus infection into Android phones:

"Do not download and install applications from untrusted sources like unknown websites and links on unscrupulous messages; install updated anti-virus solution; prior to downloading or installing apps (even from Google Playstore), always review the app details, number of downloads, user reviews, comments and the 'additional information' section.

Exercise caution while visiting trusted/un-trusted sites for clicking links; install Android updates and patches as and when available; users are advised to use device encryption or encrypting external SD card feature available with most of the Android operating system."

It also asked users to avoid using unsecured, unknown Wi-Fi networks and for prior confirming of a banking/financial app from the source organisation.

"Make sure you have a strong AI (artificial intelligence) powered mobile antivirus installed to detect and block this kind of tricky malware if it ever makes its way onto your system," the advisory states.

Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter