New phishing campaign: Android app pretends to be bank customer service app
Cyber-security researchers said on Thursday that they have spotted a new phishing campaign targeting banking consumers in India via SMS forwarding apps.
The phishing site collects victims’ banking credentials and personally identifiable information (PII), after which Android SMS forwarding malware is downloaded to their devices, according to AI cyber-security firm CloudSEK.
The research team discovered several domains with the same modus operandi and templates.
Researchers from CloudSEK discovered and examined an Android app that pretends to be a bank customer service app. The application asks the user for two permissions on the device: to receive SMS and to send SMS.
The application’s source code was found to be available on GitHub. The application has no obfuscation or evasion mechanisms that would make it difficult for anti-virus or other solutions to detect it.
After the app has been installed on a victim’s mobile phone, any SMS containing an OTP received on the device is redirected to the target phone controlled by the threat actor, the report mentioned.
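The permission pattern reported above (an app that is not from an app store and asks for both receive-SMS and send-SMS access) can be checked when triaging a suspect APK. The Python below is an added example, not CloudSEK's code or code from the app: the sample manifest, package name and `triage_manifest` helper are constructed for illustration, the manifest is assumed to be already decoded to text XML, and the `SMS_RECEIVED` receiver check is an assumed extra signal that the report does not mention.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PAIR = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample: a decoded AndroidManifest.xml resembling the app described.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.customersupport">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Customer Support">
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml, installer=None):
    """Flag the SMS-forwarder pattern. `installer` is the installing package
    name as recorded on the device (None when unknown or sideloaded)."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Receivers that are woken for every incoming SMS (assumed extra signal).
    sms_receivers = [
        r.get(ANDROID_NS + "name") or "?"
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == SMS_ACTION for a in r.iter("action"))
    ]
    has_pair = SMS_PAIR <= perms
    sideloaded = installer != PLAY_STORE
    findings = []
    if has_pair:
        findings.append("requests both RECEIVE_SMS and SEND_SMS")
    if sms_receivers:
        findings.append("receiver for SMS_RECEIVED: " + ", ".join(sms_receivers))
    if sideloaded:
        findings.append("not installed from Google Play")
    return {"package": root.get("package"), "findings": findings,
            "suspicious": has_pair and sideloaded}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The permission pair alone also matches legitimate messaging apps, which is why the verdict additionally requires that the app did not come from Google Play.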
“The banks should also take responsibility in raising awareness about such scams and educate their customers to prevent monetary as well as reputation loss,” said Anshuman Das, Cyber Threat Researcher at CloudSEK.
As part of the hackers’ modus operandi, victims first fill out sensitive banking information, such as card number, CVV number, and expiry date, on the fake complaint portal.
After the banking information is exploited, a malicious customer support application is downloaded to the victim’s device.
“No logos or names of the Indian banks have been used in these phishing websites, in order to avoid suspicion and detection. Moreover, the malicious customer support application is not hosted on the Google Play Store or any of the third-party application stores,” said the researchers.
The malicious application is then used to send all incoming SMS messages to the scammer’s C2 (command and control) server.
“Even if a user’s accounts are secured by multi-factor authentication, threat actors can still use the app to gather private information, conduct illicit activities on the users’ banking accounts, and access their other accounts,” the researchers warned.
“It is important to be extra cautious when installing new applications. Download apps from reputable app stores like the Google Play store and the App Store only. After installing any application, be careful while granting permissions,” said Das.
[With Inputs from IANS]