EventBot Malware in Social Medias
According to experts from the Indian Security Investigation Team (CERT-IN), a campaign has been identified for the release of a new malware called “EventBot” and is working through social media pages such as Instagram and Telegram. The main target countries are Asian countries. This malware is designed for the Android operating system and is introduced to the victim in the form of valid programs such as Microsoft Word, Adobe Flash.
This malware involves stealing information from financial programs, reading incoming text messages, and circumventing two-factor authentication. This malware can steal information from more than 200 known financial applications such as mobile banks, money transfer services and wallets, digital currencies.
When the program containing this malware is installed on the victim's mobile phone, it receives the following permissions from the user:
- System alert control
- Read external memory
- Install other programs
- Internet access
- Reboot when starting the mobile phone
- Send and receive SMS
- Run in the background of mobile phones
Also, a completely new feature of this malware is the ability to read the screen lock pin and passwords of other applications. This feature allows the attacker to have full access to the victim's installed apps on the mobile phone.
Observing the following security recommendations plays an important role in preventing contamination of this or other malware:
- Install the required programs from reputable sources such as Google Play Store and App Store
- Install valid anti-malware tools and continuously update them
- Activate the Google Play Protect feature in the Android operating system
- Pay attention to the accesses obtained by the programs installed on the mobile phone and match the accesses with the type of activity of the programs.
- Pay attention to the description of the program, the number of installed and other users' comments before installing the programss