CERT-In warns Android users against 'EventBot'

Policharcha.com | Updated: May 20, 2020, 12:23 IST

EventBot Malware. CERT-In

The world is becoming more globalised, and credit for that goes to the Internet, which paved the way for many industries to advance their technologies. It revolutionised every orthodox way of production developed during the Industrial Revolution. What was accessible to a few in its early days is now a necessity for everyone, as everything depends on it - from running a business to connecting with people. But as the dependency grew, use of the Internet also became a risk.

The latest development comes from the cyber security world, where India's nodal agency for protecting citizens’ data from cyber threats, the Indian Computer Emergency Response Team (CERT-In), has warned Android users in the country against a Trojan named EventBot, a banking malware that has the potential to steal user data from financial accounts.

EventBot is a mobile-banking Trojan that looks like legitimate software but is actually a way to steal user data from the financial and banking applications on smartphones. It does so by abusing Android’s built-in accessibility features to obtain deep access to the device's operating system. It can also read and interpret the user's SMS messages, allowing the Trojan to bypass and breach the two-factor authentication that banks provide for security purposes.

The agency's advisory said, “The EventBot trojan has over 200 different financial applications under its target, including banking applications, money-transfer services, and cryptocurrency wallets, or financial applications based in the US and European region.”

"The malware largely targets financial applications like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc", the agency added.

While EventBot has not yet reached the Google Play Store, it masquerades using the icons of legitimate Android apps such as Adobe Flash or Microsoft Word for Android. EventBot uses third-party application download sites to get onto the victim's device.

What is CERT-In?

CERT-In (Computer Emergency Response Team-India) is a bureau formed in 2004 with the sole objective of countering growing cyber security threats in the country, such as hacking and phishing. It comes under the jurisdiction of the Ministry of Electronics and Information Technology. The Ministry has granted it the status of a nodal agency, entrusted with the responsibility of responding to untoward cyber security incidents and strengthening the Indian defence system through effective security practices against vulnerabilities evolving in the Internet domain. Under the Information Technology Amendment Act 2008, CERT-In operates with a vision ‘to build secure and resilient cyberspace for citizens, businesses and Government’, with numerous functions:

  • Collect, analyse, and disseminate cyber incident information. 
  • Create forecasts and alerts, and put emergency protocols in place in the event of a cyber security breach.
  • Issue guidelines and advisories on vulnerabilities and on the prevention and reporting of, and response to, cyber incidents.

What is malware?

Malicious software, commonly abbreviated to "malware", is software specifically designed to damage, disrupt, steal, or carry out some other illegitimate action on users’ data, and is intended to harm devices or infect systems. It comes in varying forms: viruses, worms, Trojans, and bots are all part of the malware family.

Malware can enter a device through internal or external storage devices such as pen drives or compact discs, through clicks on the malicious pop-up ads that frequently appear while the user runs pirated software, movies, or games, or through files and attachments downloaded from the Internet.

A virus is malware that can turn files such as audio, video, and pictures into junk, leaving them corrupted and inaccessible.

A worm is malware that multiplies itself rapidly, making the device run slower and slower. Worms attack files and create endless similar files, which causes the device to lag.

A Trojan is a type of software that appears genuine but shows its true colours after installation. Trojans consume memory in the guise of speed boosters and memory-cleaner software, and pave the way for viruses and worms to enter the device.

A bot is an automated, pre-programmed software application that runs according to given instructions and is deployed to perform certain tasks without human intervention. Bots replace humans in activities that require repetitive tasks, and their biggest advantage is speed, where they easily beat humans.

Bots come with different profiles depending on their pre-installed instructions, such as search engine bots that index content for search, or customer service bots that respond to consumers' queries. These are categorised as "good" bots, working as instructed.

"Bad" bots are maliciously programmed to break into user accounts, scan the web for contact information for sending spam, or perform other malicious activities, a prime example being EventBot. Bots come in several varieties, chief among them:

  • Chatbots - Bots that simulate human conversation by responding to certain phrases with programmed responses. 
  • Web crawlers (Googlebots) - Bots that scan content on webpages all over the Internet. 
  • Social bots - Bots that operate on social media platforms. 
  • Malicious bots - Bots that scrape content, spread spam content, or carry out credential stuffing attacks. 

CERT-In has suggested certain counter-measures so that Android phone users do not fall victim to hackers and scammers. These include remaining extra cautious while downloading or installing applications from trusted sources, and refraining from downloading from untrusted sources such as unknown websites or links sent over mail or SMS.

Users should carefully review the application details and the number of downloads on the source website or Play Store, and refrain from downloading if anything looks suspicious, as the application may contain bad bots. They should install a strong artificial intelligence (AI) powered mobile antivirus that can block potentially tricky malware, and keep their applications fully updated with the latest Android updates and patches. They should avoid unsecured, public, and unknown Wi-Fi networks, and download only authentic banking/financial applications approved and legitimised by the organisation. The agency also advised users to use the device encryption or external SD card encryption features available in most versions of the Android operating system.
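
A device-side check for the traits described above (an app installed from outside the Play Store that holds an enabled accessibility service or SMS access), added here as an illustration; it is not part of CERT-In's advisory or of the original article. It parses the output of the standard `adb shell pm list packages -i`, `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>` commands; the sample data, package names and the trusted-installer list are constructed assumptions.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption, extend as needed
SMS_PERMS = ("android.permission.READ_SMS", "android.permission.RECEIVE_SMS")

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    rows = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return {pkg: installer for pkg, installer in rows}

def parse_a11y_packages(setting_value):
    """Packages that own an enabled accessibility service (pkg/class:pkg/class...)."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def granted_sms_perms(dumpsys_text):
    """SMS permissions that `dumpsys package` reports as granted."""
    return [p for p in SMS_PERMS
            if re.search(re.escape(p) + r": granted=true", dumpsys_text)]

def audit(pm_output, a11y_setting, dumpsys_by_pkg):
    """Return (package, reasons) for sideloaded apps with a sensitive capability."""
    findings = []
    a11y = parse_a11y_packages(a11y_setting)
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        reasons = ["sideloaded (installer=%s)" % installer]
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        sms = granted_sms_perms(dumpsys_by_pkg.get(pkg, ""))
        if sms:
            reasons.append("SMS access: " + ", ".join(p.rsplit(".", 1)[1] for p in sms))
        if len(reasons) >= 2:  # sideloaded plus at least one sensitive capability
            findings.append((pkg, reasons))
    return findings

# Constructed sample data, not taken from a real device.
SAMPLE_PM = ("package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.flashupdate  installer=null\n"
             "package:com.example.wallpaper  installer=null\n")
SAMPLE_A11Y = "com.example.flashupdate/.UpdateService"
SAMPLE_DUMPSYS = {"com.example.flashupdate":
                  "      android.permission.RECEIVE_SMS: granted=true\n"
                  "      android.permission.READ_SMS: granted=true\n"}

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_DUMPSYS):
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a prompt for manual review, not proof of infection: legitimate sideloaded accessibility tools will match the same pattern.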
