Mobile Banking Malware “EventBot” Steals Users Data, CERT-In warns

All of you beware of online banking malware “EventBot“. This Android malware is stealing the data of the users from financial applications. The Indian Computer Emergency Response Team (CERT-IN) warns the users.

CERT-In Says Mobile Banking Android Malware ‘EventBot’ Horsing Around in Cyberspace

Mobile Banking Malware "EventBot" Steals Users Data, CERT-In warns
Mobile Banking Malware “EventBot” Steals Users Data, CERT-In warns

This mobile banking malware abuses Android’s in-built accessibility feature. Then it steals the user data, read the SMS messages, and block SMS messages which allow the malware to bypass two-factor authentication.

The malware EventBot targets more than 200 different financial apps like banking apps, money-transfer services, and cryptocurrency wallets which are based in Europe and US region. However, some of the services might affect Indian users also.

CERT-In says EventBot is mostly targeting financial apps like PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, Paysafecard etc.

However, EventBot malware is not seen on Play Store, and it uses few icons to pretend as a legal application. EventBot comes in your device through the third-party app downloading site to get to the victim device.

The cybersecurity agency said,

“Once installed on victim’s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing Internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages, and continue running and accessing data in the background,”

Moreover, the malware advises the users to give access to the device accessibility services.

The advisory said,

“Also, it can retrieve notifications about other installed applications and read contents of other applications. Over the time, it can also read Lock Screen and in-app PIN that can give attacker more privileged access over victim device.”

The cybersecurity agency recommended the users to prevent malware infection to their phones. They gave advise no to download and install apps from untrusted sources via unknown websites/ links.

Leave a Comment