Mobile Banking Trojan Campaigns Target Indian Android Users
Hackers Use Messaging Apps WhatsApp, Telegram to Bait Victims
Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft.
India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India - a development facilitated by ubiquitous QR codes and a national digital identity program known as Aadhaar that covers nearly every Indian.
Fraudsters use WhatsApp and Telegram to distribute malicious apps masquerading as legitimate banks, government services and utilities software. Hackers are using a relatively new tactic of directly sharing malicious Android app files with mobile users over messaging platforms.
Ongoing campaigns led to the discovery of two fraudulent applications designed to deceive Indian banking customers.
Targeting Account Information
Threat actors used WhatsApp in a recent, widely circulated phishing campaign to deliver a fake banking app disguised as a "know your customer" app that tricks users into submitting bank account details and credentials. The fake app can hide its icon on the device's home screen and operate surreptitiously in the background. The technical analysis reveals the app's ability to intercept and send SMS messages, including one-time passwords, which puts users at risk of financial fraud.
Targeting Payment Card Details
Another case involves a fraudulent app capable of stealing credit card details. Users are prompted to give SMS-based permissions, which allow the malicious app to collect personal information and credit card details. Some versions of the app capture additional information including the user's 12-digit unique Aadhaar number, financial details and one-time passwords.