
Mobile Banking Trojan Campaigns Target Indian Android Users

Hackers Use Messaging Apps WhatsApp, Telegram to Bait Victims
Microsoft is warning about banking Trojans spread on social media. (Image: Shutterstock)

Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft.


India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India - a development facilitated by ubiquitous QR codes and a national digital identity program known as Aadhaar that covers nearly every Indian.

Microsoft said in a Monday blog post that mobile malware infections aren't a new threat to Indian users, but they "pose a significant threat" of financial loss and data theft.

Fraudsters use WhatsApp and Telegram to distribute malicious apps masquerading as legitimate banking, government service and utility apps. Hackers are using a relatively new tactic of sharing malicious Android app files directly with mobile users over messaging platforms.

Ongoing campaigns led to the discovery of two fraudulent applications designed to deceive Indian banking customers.

Targeting Account Information

Threat actors used WhatsApp in a recent, widely circulated phishing campaign to deliver a fake banking app disguised as a "know your customer" app that tricks users into submitting bank account details and credentials. The fake app can hide its icon on the device's home screen and operate surreptitiously in the background. The technical analysis reveals the app's ability to intercept and send SMS messages, including one-time passwords, which puts users at risk of financial fraud.

Targeting Payment Card Details

Another case involves a fraudulent app capable of stealing credit card details. Users are prompted to grant SMS-based permissions, which allow the malicious app to collect personal information and credit card details. Some versions of the app capture additional information, including the user's 12-digit unique Aadhaar number, financial details and one-time passwords.


About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.