New Malware Target Users of Indian Banks To Steal Aadhar, PAN, ATM & Credit Card PINs

Malware based cybersecurity threat has emerging in India, targeting users of various Indian banks with a sophisticated malware campaign.

This campaign, discovered by the zLabs research team, involves nearly 900 malware samples designed to steal sensitive financial and personal data, including Aadhar numbers, PAN cards, ATM PINs, and credit card details.

Besides this, the campaign has been dubbed “FatBoyPanel” by the cybersecurity researchers.

Security analysts at Zimperium noted that all the malware samples were designed to deceive Android users and steal their sensitive financial and personal information.

Mode of operation

The malware is distributed through WhatsApp as APK files masquerading as legitimate government or banking applications.

Once installed, these apps deceive users into disclosing sensitive information by mimicking the user interface of real banking apps.

The malware exploits SMS permissions to intercept and exfiltrate messages, including one-time passwords (OTPs), facilitating unauthorized transactions.

This banker malware family has three distinct variants:-

SMS Forwarding: Captures and forwards stolen SMS messages to an attacker-controlled phone number.
Firebase-Exfiltration: Exfiltrates stolen SMS messages to a Firebase endpoint, which acts as a command-and-control server.
Hybrid: Combines both techniques, forwarding stolen SMS messages to a phone number and a Firebase endpoint.

Code snippet allowing the Banker sample to read the received SMS (Source – Zimperium)

A key component of the malware is its ability to intercept SMS messages

**Main banks targeted in this campaign (Source – Zimperium)**

The malware campaign has exposed sensitive data of approximately 50,000 users, including SMS messages from Indian banks, bank details, card details, and government-issued identification details.

Over 1,000 phone numbers used in this campaign have been identified, which will be shared with authorities to track the threat actors.

Distribution graphs (Source – Zimperium)

To protect against potential threats, users should verify app authenticity by only downloading banking apps from official app stores.

Make sure to enable multi-factor authentication (MFA) using measures like “OTPs” and “biometric authentication.”

Also remain cautious with links and attachments by avoiding suspicious ones or those from unknown sources.

So, the users must remain vigilant and take proactive steps to safeguard their personal and financial data.

Besides this, it is crucial for both individuals and institutions to stay informed and adapt their security measures accordingly.

(Couretsy: Zimperium)

Mode of operation

Leave a Reply Cancel reply

Related News

Data Protection Specialist Keepit, Expands footprint, new partnerships

Google Chrome Introduces AI to Block Malicious Websites & Downloads