Warning! Scammers using SMS forwarding apps to dupe bank customers in India

New Delhi: Cyber-security researchers on Thursday said they have spotted a new phishing campaign targeting banking consumers in India through SMS forwarding apps. According to AI cyber-security firm CloudSEK, the phishing site collects victims’ banking credentials and personally identifiable information, after which an Android SMS forwarding malware is downloaded to their devices. The research team discovered several domains with similar functionality and templates.

“Banks should take the responsibility of raising awareness about such scams and educating their customers to prevent loss of money as well as reputation,” said Anshuman Das, Cyber Threat Researcher at CloudSEK. Under the hackers’ modus operandi, victims first enter sensitive banking information such as card number, CVV number and expiry date on the fake complaint portal.

After the banking information is collected, a malicious customer support application is downloaded to the victim’s device. “These phishing websites do not use any logos or names of Indian banks for the avoidance of suspicion and identification. Furthermore, the malicious customer support application is not hosted on the Google Play Store or any third party application store,” the researchers said.

The malicious application is then used to send all incoming SMS to the scammer’s C2 (Command and Control) server. The researchers cautioned, “Even if a user’s accounts are protected by multi-factor authentication, threat actors may use the app to collect personal information, conduct illegal activities on users’ banking accounts, and access their other accounts.”

Researchers at CloudSEK discovered and tested an Android app that pretends to be a bank customer service app. The application requests two permissions on the user’s device: to receive SMS and to send SMS.

The application’s source code was found to be available on GitHub. The application has no obfuscation or piracy mechanism that would make it difficult for antivirus or other solutions to detect. Once the app is installed on the victim’s mobile phone, any SMS containing an OTP received on the device is redirected to the target phone controlled by the threat actor, as noted in the report. Das said, “It is important to be extra careful while installing new applications. Download apps only from reputed app stores like Google Play store and App Store. After installing any application, be careful while granting permissions.”