Hackers create fake banking apps to steal financial data from Indian users

Siva Ramakrishnan
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware.

The cybercriminals behind the campaign trick users into installing fraudulent banking apps on their devices by impersonating legitimate organizations, such as financial institutions, government services, and utilities.

Once installed, these apps exfiltrate various types of sensitive data from users, including personal information, banking details, payment card information, and account credentials, according to researchers at Microsoft who analyzed the campaign. This information can later be used for financial fraud, the researchers said.

To gain access to victims’ devices, the hackers send phishing messages through social media platforms like WhatsApp and Telegram. These messages typically ask users to update their banking information and contain a malicious file that installs a fraudulent app on the targeted device.

One such app impersonated a legitimate bank in India and asked users for their bank account information and credentials. The real bank had no affiliation with this fake app. After receiving all the necessary information, the app disappeared from the device’s home screen while still silently running in the background.

Another app was capable of stealing credit card details, including 16-digit card numbers, CVV numbers, and card expiration dates, putting users at risk of financial fraud, according to Microsoft.

The hackers put a lot of effort into creating these apps: they used the icons of legitimate banks and tried to make the “authentication process” — which, in reality, is designed to steal data — as realistic as possible.

What makes these campaigns especially dangerous is that the hackers choose to imitate legitimate and even well-known institutions and services in the region, “luring users into a false sense of security,” according to researchers. But banks and other organizations are not affected by such attacks directly.

Mobile malware is not new, but it poses a significant threat to mobile users, according to Microsoft. The risks include unauthorized access to personal information, financial loss from fraudulent transactions, privacy loss, device performance issues caused by malware using system resources, and data theft or corruption.

“This threat highlights the need for customers to install applications only from official app stores, and to be wary of false lures,” researchers said.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
