
McAfee Labs has recently uncovered a sophisticated Android banking trojan named Android/Banker, specifically targeting Indian users. This malicious software exploits the widespread use of utility and banking apps in India to steal sensitive financial information.
Overview of the Attack
The Android/Banker trojan disguises itself as legitimate utility services (such as gas or electricity) or banking applications. By mimicking these essential services, the malware tricks users into downloading and installing it on their devices.
Impact and Statistics
As of the latest reports, the trojan has:
- Infected 419 devices
- Intercepted 4,918 SMS messages
- Stolen 623 entries of card and bank-related information
These figures are likely to increase as the malware campaign continues to evolve.
Method of Attack
The attackers leverage phishing messages, often sent through platforms like WhatsApp, to entice users into downloading the malicious app. Once installed, the app requests various permissions that allow it to access personal data, including SMS messages and financial information. With these permissions, the attackers can intercept one-time passwords (OTPs) and other sensitive data, enabling them to steal funds from the victims’ bank accounts.
The trojan uses WhatsApp messages to lure victims into installing fake apps designed to mimic services for major financial and utility providers, such as:
- Axis Bank (ax_17.customer)
- Punjab National Bank (pnb_5.customer)
- Gas and Electricity Bill Payments (gs_5.customer, elect_5.customer)
Response and Recommendations
McAfee Mobile Security has detected this threat and is actively working to protect users. Here are some recommendations for users to safeguard against such attacks:
- Be cautious of unsolicited messages: Avoid downloading apps or clicking on links from unknown or suspicious sources.
- Verify app sources: Only download apps from trusted sources, such as the Google Play Store.
- Regularly update security software: Ensure that your antivirus and security software are up to date to detect and prevent malware.
- Audit installed applications: Periodically review the apps installed on your device and remove any that are unnecessary or unfamiliar.
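One way to carry out the audit step is sketched below as an added example; it is not McAfee's code or part of the original report. It takes the output of `adb shell pm list packages -i -3` and of `adb shell dumpsys package <pkg>`, then flags apps whose name follows the pattern of the package names listed under Method of Attack, or that were not installed by the Play Store and request SMS access. The regular expression, the function names and the sample data are assumptions made for illustration.

```python
import re

# Assumption: pattern generalised from the package names listed above (ax_17.customer, ...).
LURE_NAME = re.compile(r"^[a-z]+_\d+\.customer$")
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
PLAY_STORE = "com.android.vending"

def parse_pm_list(text):
    """Parse `pm list packages -i` output into {package: installer}."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", text, re.M))

def parse_requested_perms(dumpsys_text):
    """Collect the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        name = line.strip().split(":")[0]  # drop suffixes such as ": restricted=true"
        if line.strip() == "requested permissions:":
            in_block = True
        elif in_block and re.fullmatch(r"\w+(\.\w+)+", name):
            perms.add(name)
        elif in_block:
            break  # the next section header ends the block
    return perms

def audit(pm_text, dumpsys_by_pkg):
    """Return {package: [reasons]} for apps that deserve a manual review."""
    findings = {}
    for pkg, installer in parse_pm_list(pm_text).items():
        reasons = []
        if LURE_NAME.match(pkg):
            reasons.append("name matches the reported lure pattern")
        perms = parse_requested_perms(dumpsys_by_pkg.get(pkg, ""))
        if installer != PLAY_STORE and perms & SMS_PERMS:
            reasons.append("not installed by Play Store and requests SMS access")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample inputs, not captured from a real device.
SAMPLE_PM = """package:com.example.chat  installer=com.android.vending
package:ax_17.customer  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller"""
BLOCK = "  requested permissions:\n    {}\n  install permissions:\n"
SAMPLE_DUMPSYS = {
    "com.example.chat": BLOCK.format("android.permission.RECEIVE_SMS"),
    "ax_17.customer": BLOCK.format("android.permission.RECEIVE_SMS"),
    "com.example.notes": BLOCK.format("android.permission.READ_SMS: restricted=true"),
}
if __name__ == "__main__":
    print(audit(SAMPLE_PM, SAMPLE_DUMPSYS))
```

A flagged app is a prompt for manual review, not a verdict: legitimate sideloaded apps can request SMS access, and a renamed variant would not match the name pattern.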
This incident underscores the growing threat landscape targeting mobile users and the importance of maintaining robust security practices to protect personal and financial information.
Indicators of Compromise

