Context: Recently, the Computer Emergency Response of Team (CERT) of India has issued warning against a new malware called “EventBot”.
Key Points

• Warned by: The warning and advises regard the new malware was given by Indian Computer Emergency Response Team (CERT-IN).
• Notification: The notification was issued Indian government to make the people aware of this new malware.
• Name of the malware: The new Android mobile malware named “EventBot”, which steals the financial information – bank account details, read SMS messages that allow it to bypass two-factor authentication set for various banks – by abusing the Android”s in-built accessibility features.
• Trojan: CERT-IN saying it as a ‘Trojan’ – a virus or malware that cheats a victim to stealthily attack its computer or phone-operating system.
• Appearance: It uses several icons to masquerade as legitimate apps such as Microsoft Word, Adobe Flash and others using third-party application downloading sites to infiltrate into victim device. 
• Target: The malware targets 200 financial applications – includes banking apps and money transfer services.
• It targets the applications – Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard etc.
• As of now, malware has not been spotted in any of the apps available through Google Play Store as of now.

How it attacks?

• After installation, it ask required permissions like controlling system alerts, reading external storage content, auto-initiated upon reboot, receive and read SMS messages etc.
• By securing such permissions, the attackers can access the financial information of the user. They can access it better by reading the Lock Screen and in-app PIN.

CERT-In recommendations:

• The malware has yet to appear in Google Play Store, the CERT-In recommends few things;
• Don’t download apps from third-party app store, unknown (and unsecure) websites
• Install and update antivirus software for mobile devices 
• Check the kind of permissions and access the app is asking before downloading it
• Do not download apps or access mail via unsecure public Wi-Fi network
• Do not download email attachments from unknown senders

About malware

• Malware is the shortened form of malicious software, an umbrella term used to refer to a variety of forms of hostile or intrusive software including Ransom wares, Computer Viruses, Worms, Trojan Horses, Spyware, Adware, Scareware etc.

Malware can be classified based on how they get executed, how they spread, and/or what they do. Some of them are discussed below.
Virus: A program that can infect other programs by modifying them to include a possible evolved copy of itself.
Worms: Disseminated through computer networks, unlike viruses, computer worms are malicious programs that copy themselves from system to system, rather than infiltrating legitimate files.
Trojans: Trojan or trojan horse is a program that generally impairs the security of a system. Trojans are used to create back-doors (a program that allows outside access into a secure network) on computers belonging to a secure network so that a hacker can have access to the secure network.
Hoax: An e-mail that warns the user of a certain system that is harming the computer. The message thereafter instructs the user to run a procedure (most often in the form of a download) to correct the harming system. When this program is run, it invades the system and deletes an important file.
Spyware: Invades a computer and, as its name implies, monitors a user’s activities without consent. Spywares are usually forwarded through unsuspecting e-mails with bonafide e-mail i.ds. Spyware continues to infect millions of computers globally.
About CERT-In 

• It is an acronym for ‘Indian Computer Emergency Response Team’. 
• As per Information Technology Amendment Act 2008, CERT-In is the National Incident Response Centre for major computer security incidents in its constituency i.e. Indian cyber community. 
• CERT-In’s primary role is to raise security awareness among Indian cyber community and to provide technical assistance and advise them to help them recover from computer security incidents. 
• It functions under the Ministry of Electronics and Information Technology.

Objectives of CERT-In

• Preventing cyber-attacks against the country’s cyber space.
• Responding to cyber-attacks and minimizing damage and recovery time.
• Reducing ‘national vulnerability to cyber-attacks.
• Enhancing security awareness among common citizens.