An SMS phishing campaign is targeting Indian banking customers with information-stealing malware that masquerades as a rewards app.
The Microsoft 365 Defender research team said the messages contain links that redirect users to a sketchy website, which triggers the download of a fake rewards app for ICICI Bank.
“The malware’s RAT capabilities allow the attacker to intercept important device notifications such as incoming messages, an apparent effort to intercept two-factor authentication (2FA) messages often used by banking and financial institutions,” researchers Shivang Desai, Abhishek Pustakala and Harshita Tripathi said.
Additionally, the malware is equipped with the ability to steal text messages, potentially allowing the attacker to capture 2FA codes sent as text messages and gain unauthorized access to victims’ accounts.
As in other social engineering attacks, the smishing message and the malicious app use familiar logos and brand names to give an illusion of legitimacy and trick users into installing the app.
The attacks are also a continuation of an ongoing campaign that has previously distributed similar rewards-themed apps for other Indian banks such as State Bank of India (SBI) and Axis Bank.
Once installed, the rogue application not only asks for extensive permissions, but also asks users to enter their credit/debit card information as part of a supposed login process, while the Trojan waits for further instructions from the attacker.
These commands allow the malware to harvest system metadata and call logs, intercept phone calls, and steal credentials for email accounts such as Gmail, Outlook, and Yahoo.
“The continued evolution of this malware highlights the need to protect mobile devices,” the researchers said. “Its broader SMS-stealing capabilities could allow data-stealing attackers to further steal a user’s other banking apps.”