Infostealing malware spread via fake Indian banking rewards apps

September 27, 2022
Infostealing Malware India Banking Fake Rewards Mobile Apps SMiShing Phishing

Indian banks are currently being targeted by an SMS-based phishing (SMiShing) campaign that delivers infostealing malware disguised as a banking rewards application. Researchers stated that the phishing messages carried links that led unsuspecting targets to a malicious website, which triggered the download of a fake banking rewards app for ICICI Bank.

In addition, the researchers revealed that the malware's remote access trojan (RAT) component could allow its operators to intercept important notifications, including incoming messages. Hence, messages such as the 2FA codes commonly used by banks and the wider financial sector could be compromised by threat actors.


The infostealing malware could potentially steal one of the most vital parts of a security defence mechanism.


The infostealing malware has several capabilities, among them stealing messages, which means an attacker could intercept 2FA codes sent as text messages. This capability could give the attacker unauthorised access to the targeted accounts.

Moreover, as in other social engineering campaigns, the SMS phishing messages include well-known names and familiar brand logos to make each attack look more authentic. These tactics give the rogue app a false sense of legitimacy that prompts the target into installing it.

Cybersecurity experts also noted that these attacks continue an ongoing cybercriminal campaign that has distributed similar rewards-themed apps impersonating other financial institutions in India.

Several well-known banks in India are believed to be targeted by these campaigns.

Once the user is deceived into installing the fraudulent app, it immediately carries out several tasks. One of them is to request extensive permissions on the targeted device. It also asks the target to enter their credit or debit card details as its sign-in step.

The submitted card details are then exfiltrated while the trojan waits for further instructions. Subsequent commands relayed to the malware could direct it to harvest system data, intercept phone calls, and collect call logs.
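The behaviours described above (broad permission requests, SMS and notification interception, and a network path for exfiltration) are exactly what an analyst looks for when triaging a suspicious "rewards" APK. The following is an added example, not code from the article or the researchers it cites: it parses a decoded AndroidManifest.xml, groups the requested permissions into capability buckets, and rates the combination of OTP access plus network access as the riskiest pattern. The permission strings are real Android permission names; which of them this particular malware actually requests, the package name, and the sample manifest are all constructed assumptions.

```python
"""Manifest triage helper (added example, not from the original article).

Flags permission combinations that match the capabilities described for the
fake rewards app: SMS/notification interception, call-log harvesting and a
network path to exfiltrate what was captured.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Capability buckets. The permission names are real Android permissions; the
# assumption that a rewards app has no business asking for them is ours.
CAPABILITIES = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "call_log_harvest": {"android.permission.READ_CALL_LOG", "android.permission.READ_PHONE_STATE"},
    "network_exfil": {"android.permission.INTERNET"},
}

# Constructed sample manifest, modelled on the article's description, not a
# real sample. The package name is a placeholder.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.rewards">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Rewards">
    <service android:name=".NotifSvc"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign manifest: only network access, no message or call access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Plain"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {name for el in root.iter("uses-permission") if (name := el.get(NAME_ATTR))}


def notification_listener_declared(manifest_xml: str) -> bool:
    """True if any <service> is bound as a NotificationListenerService,
    which is how an app reads other apps' notifications (e.g. OTP pop-ups)."""
    root = ET.fromstring(manifest_xml)
    return any(svc.get(PERMISSION_ATTR) == NOTIFICATION_LISTENER for svc in root.iter("service"))


def triage(manifest_xml: str) -> dict:
    """Group requested permissions by capability and rate the combination."""
    perms = requested_permissions(manifest_xml)
    findings = {cap: sorted(perms & needed) for cap, needed in CAPABILITIES.items() if perms & needed}
    if notification_listener_declared(manifest_xml):
        findings["notification_listener"] = [NOTIFICATION_LISTENER]

    # OTP access (SMS or notifications) combined with a network path is the
    # 2FA-theft pattern the article describes, so it scores highest.
    otp_access = "sms_interception" in findings or "notification_listener" in findings
    exfil_path = "network_exfil" in findings
    if otp_access and exfil_path:
        verdict = "high"
    elif findings.keys() - {"network_exfil"}:
        verdict = "medium"
    else:
        verdict = "low"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

The check is deliberately coarse: a manifest alone cannot prove malicious intent, but a rewards app that asks to read SMS, binds a notification listener and has network access has no legitimate reason for that combination, and that is enough to pull the sample for deeper analysis.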

Researchers have also stated that the infostealing malware could exfiltrate credentials for widely used accounts such as Outlook, Yahoo, and Gmail.
