Source: Beware of mobile banking malware EventBot, warns CERT-In. An Android mobile banking malware called “EventBot” which steals user data from financial applications is spreading, warns the Indian Computer Emergency Response Team (CERT-In).
This mobile banking Trojan abuses Android”s in-built accessibility features to steal user data, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication, the cybersecurity agency said in its advisory this month.
EventBot targets over 200 different financial applications, including banking applications, money-transfer services, and cryptocurrency wallets, or financial applications based in the US and Europe region at the moment but some of their services may affect Indian users as well.
The malware largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc., said CERT-In.
While EventBot has not been seen on Google Play Store yet, it uses several icons to masquerade as a legitimate application.
EventBot is using third-party application downloading site to infiltrate into the victim device, the CERT-In warned.
“Once installed on victim”s Android device, it asks permissions such as controlling system alerts, reading external storage content, installing additional packages, accessing Internet, whitelisting it to ignore battery optimisation, prevent processor from sleeping or dimming the screen, auto-initiate upon reboot, receive and read SMS messages, and continue running and accessing data in the background,” the cybersecurity agency said in its advisory.
To read more… Beware of mobile banking malware EventBot, warns CERT-In.