An uptick in mobile banking trojan campaigns is threatening users in India. Cybercriminals are abusing popular messaging platforms such as WhatsApp and Telegram to push deceptive messages that trick users into installing malicious apps posing as legitimate entities such as banks and government services.
Once installed, these apps quietly exfiltrate sensitive information, including personal details, banking information, payment card data and account credentials. This is not a novel threat, but mobile malware infections continue to pose significant risks: unauthorised access to personal information, financial loss and privacy breaches.
Researchers from Microsoft exposed two such campaigns targeting Indian users. Unlike earlier campaigns that relied on malicious links, the current tactic is to share the malicious APK file itself directly with the user. The files are disguised as legitimate banking apps and exploit the trust users place in well-known institutions.
The first case uncovered by Microsoft was a WhatsApp phishing campaign in which the attackers shared a malicious APK file, masquerading as an official banking app, through the messaging platform. The accompanying message claimed that the user's bank account would be blocked and urged them to update their PAN (Permanent Account Number) card details through the app.

Once installed, the fraudulent app collected sensitive information and sent it both to a command-and-control server and to the attacker's phone number. The fake app mimics the look of the legitimate one and lures the victim into signing in with their mobile number, ATM PIN or PAN card details.
After the details are entered, the app displays a message telling the user not to delete it because the details are being verified. The app also has a button that lets it keep running in the background, hiding its activity from the user.
In the second case, a similar approach targeted payment card details. The malicious app asked not only for personal information such as name, email address, mobile number and date of birth, but also for credit card details, exposing users to financial fraud.
To counter these attacks, Microsoft urged users to install applications only from the official app stores or the bank's own website. The researchers also advised keeping Android's "Install unknown apps" permission disabled. Since Android 8 this is a per-app permission, so leaving it disabled for WhatsApp and Telegram blocks exactly the delivery path used here: an APK received in a chat cannot be installed from within the messaging app.
The company said it is notifying the affected organisations and supporting them in countering these campaigns.
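For an analyst handed one of these sideloaded APKs, the capability set described above (exfiltration to a C2 server, data sent to a phone number, a service that keeps the app alive in the background) is visible in the app's manifest before any dynamic analysis. The script below is an added example written for this article, not code from Microsoft or from the campaigns themselves. It assumes the manifest has already been decoded to plain XML (for instance with `apktool d app.apk`); the permission-to-capability mapping, the scoring thresholds and both sample manifests are constructed for illustration and are not taken from any real sample. It also goes slightly beyond the article by flagging an SMS_RECEIVED broadcast receiver, a common companion of SEND_SMS in this class of malware.

```python
"""Triage a decoded AndroidManifest.xml for the capability set of an
SMS-exfiltrating banking trojan.

Added example for this article, not code from Microsoft or the campaigns
it describes. Assumes the manifest is already decoded to plain XML
(e.g. `apktool d app.apk`). Sample manifests below are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's Clark notation for android: attributes

# Permission -> capability. SEND_SMS + INTERNET matches the article's note
# that stolen data goes to both a C2 server and the attacker's phone number;
# FOREGROUND_SERVICE matches "keeps running in the background". This mapping
# is an assumption made for the example, not a list from the article.
SUSPECT_PERMS = {
    "android.permission.INTERNET": "can reach a command-and-control server",
    "android.permission.SEND_SMS": "can text stolen data to a phone number",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read the SMS inbox",
    "android.permission.FOREGROUND_SERVICE": "can keep running in the background",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can sideload further APKs",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def triage_manifest(xml_text: str) -> dict:
    """Return a dict of findings and a heuristic score for one manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(A + "name") for el in root.iter("uses-permission")}
    findings = {p: why for p, why in SUSPECT_PERMS.items() if p in requested}

    services, sms_receivers = [], []
    app = root.find("application")
    if app is not None:
        services = [s.get(A + "name") for s in app.iter("service")]
        for rcv in app.iter("receiver"):
            actions = {a.get(A + "name") for a in rcv.iter("action")}
            if SMS_RECEIVED in actions:
                sms_receivers.append(rcv.get(A + "name"))

    score = len(findings)
    if {"android.permission.SEND_SMS", "android.permission.INTERNET"} <= set(findings):
        score += 2  # dual exfiltration channel: C2 server plus SMS to a number
    if sms_receivers:
        score += 2  # app registers to see every incoming text

    # Thresholds are an illustrative heuristic, not a classifier.
    verdict = "suspicious" if score >= 4 else "review" if score >= 2 else "low"
    return {
        "package": root.get("package"),
        "permissions": findings,
        "services": services,
        "sms_receivers": sms_receivers,
        "score": score,
        "verdict": verdict,
    }


# Constructed manifest resembling the behaviour described in the article.
SAMPLE_TROJAN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="Bank">
    <activity android:name=".LoginActivity"/>
    <service android:name=".UploadService"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest of an ordinary network-only app, for contrast.
SAMPLE_BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="News">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for name, manifest in (("trojan", SAMPLE_TROJAN_MANIFEST),
                           ("benign", SAMPLE_BENIGN_MANIFEST)):
        result = triage_manifest(manifest)
        print(name, result["package"], result["score"], result["verdict"])
        for perm, why in result["permissions"].items():
            print("   ", perm, "->", why)
```

The score is a triage aid, not a verdict: a legitimate SMS client will request every SMS permission, and a legitimate bank app will request INTERNET. What makes the constructed trojan manifest stand out is the combination, a "bank" app that both talks to the network and can send texts while keeping itself alive in the background, which is the pattern the article describes.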
