Malware known as ‘Cerberus’ is luring people with Covid-19 related information and stealing their financial information, such as credit card details. This is a Trojan virus that contacts individuals via text messages on their smartphones and asks them to click on a link that claims to provide Covid-19 updates. When clicked, the link auto-installs malicious software on their phones, which extracts sensitive financial data. Moreover, this Trojan virus can employ overlay tactics to trick victims into sharing their financial information.

Another such malware is ‘EventBot,’ a mobile banking Trojan that abuses Android’s built-in accessibility features to steal data from financial applications and to read and intercept SMS messages, which allows the malware to bypass two-factor authentication. EventBot uses icons to masquerade as several commonly used applications like Microsoft Word, Adobe Flash, Microsoft Excel, etc. EventBot can be unknowingly installed by users through third-party application download sites.

Here are some do’s and don’ts to evade scammers. In general, it is important to:

  • Be aware of any Covid-19 related phishing scams
  • Browse the official Government websites/Aarogya Setu app for Covid-19 related updates
  • Avoid visiting unknown links received on WhatsApp, mail, messenger, SMS and other channels
  • Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications


  • Maintain a password/pattern to protect your smartphone
  • Keep software updated. Run the most recent versions of your mobile OS, security software, apps and Web browsers to defend against malware, viruses and other online threats
  • Download apps only from trusted sources (Google Play Store/Apple Store/Windows Store)
  • Use caution when visiting untrusted sites or clicking links
  • Always review the app details, number of downloads, user reviews, comments and “ADDITIONAL INFORMATION” section before installing apps on Android devices (even via the Google Play Store)
  • Verify in-app permissions and only grant those permissions which have relevant context for the app’s purpose
  • Frequently review your account statement/transactions to check for any unauthorized transactions
  • Change your MPIN frequently
  • Install and maintain an updated antivirus solution on Android devices. Scan the suspected device with antivirus solutions to detect and clean infections


  • Do not download or install applications from untrusted sources [offered via unknown websites/links in unscrupulous messages]
  • Do not check the “Untrusted Sources” checkbox to install apps
  • Do not store sensitive information like MPIN, password, credit card data, etc. on your phone
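
The traits described above for Cerberus and EventBot (installation from outside the official store, accessibility-service abuse, SMS access, overlays and borrowed app names) can be combined into a simple triage over an app inventory. This is an added example, not part of the original advisory; the inventory format, field names, `com.example.*` packages and the label-to-package mapping are assumptions, and the sample entries are constructed.

```python
# Added example: inventory format, field names and sample entries are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
# Assumed mapping from a well-known label to the package expected to carry it.
KNOWN_LABELS = {"Microsoft Word": "com.microsoft.office.word",
                "Microsoft Excel": "com.microsoft.office.excel"}
CAPABILITIES = {"accessibility-service", "sms-access", "overlay"}

def triage(app):
    """Return every trait of interest found on one inventory entry."""
    perms = set(app.get("permissions", []))
    reasons = []
    if app.get("installer") not in TRUSTED_INSTALLERS:
        reasons.append("sideloaded")
    if app.get("accessibility_service"):
        reasons.append("accessibility-service")
    if perms & SMS_PERMS:
        reasons.append("sms-access")
    if OVERLAY_PERM in perms:
        reasons.append("overlay")
    expected = KNOWN_LABELS.get(app.get("label"))
    if expected and expected != app["package"]:
        reasons.append("label-mismatch")
    return reasons

def suspicious(apps):
    """Keep apps that imitate a known label, or are sideloaded AND hold a
    sensitive capability; a single trait alone is common in legitimate apps."""
    flagged = {}
    for app in apps:
        reasons = triage(app)
        if "label-mismatch" in reasons or (
                "sideloaded" in reasons and CAPABILITIES & set(reasons)):
            flagged[app["package"]] = reasons
    return flagged

SAMPLE = [  # constructed entries
    {"package": "com.microsoft.office.word", "label": "Microsoft Word",
     "installer": "com.android.vending", "permissions": []},
    {"package": "com.example.docviewer", "label": "Microsoft Word",
     "installer": None, "accessibility_service": True,
     "permissions": ["android.permission.READ_SMS", OVERLAY_PERM]},
    {"package": "com.example.messages", "label": "Messages",
     "installer": "com.android.vending",
     "permissions": ["android.permission.RECEIVE_SMS"]},
    {"package": "com.example.game", "label": "Puzzle", "installer": None,
     "permissions": []},
]
```

Calling `suspicious(SAMPLE)` flags only the sideloaded look-alike; the store-installed messaging app and the sideloaded game with no sensitive capability are left for normal review.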