Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 8 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Android Banking Users Targeted With Fake Rewards Phishing Scam

Earlier today reports of an SMS-based phishing campaign were announced, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application.

by Guru Writer
September 26, 2022
in Cyber Bites
Banking app
Share on FacebookShare on Twitter

Earlier today reports of an SMS-based phishing campaign were announced, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application.

According to the Microsoft 365 Defender Research Team, the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank.

“The malware’s RAT capabilities allow the attacker to intercept important device notifications such as incoming messages, an apparent effort to catch two-factor authentication (2FA) messages often used by banking and financial institutions,” researchers Shivang Desai, Abhishek Pustakala, and Harshita Tripathi said.

In addition to this, the malware is equipped with the ability to steal SMSes, potentially enabling the attacker to swipe 2FA codes sent as text messages and gain unauthorized access to victim accounts.

Similarly to other social engineering attacks, familiar brand logos and names are used in the smishing message as well as the rogue app in a bid to give an illusion of legitimacy and trick the users into installing the apps.

The attacks are recognised as a continuation of an ongoing campaign that has distributed similar rewards-themed apps for other Indian banks such as the State Bank of India (SBI) and Axis Bank in the past.

Once the fraudulent app has been installed, it not only asks for extensive permissions, but also requests users to enter their credit/debit card information as part of a supposed sign-in process, while the trojan waits for further instructions from the attacker.

The app commands allow the malware to harvest system metadata, call logs, intercept phone calls, as well as steal credentials for email accounts such as Gmail, Outlook, and Yahoo.

“This malware’s continuing evolution highlights the need to protect mobile devices,” the researchers said. “Its wider SMS stealing capabilities might allow attackers to the stolen data to further steal from a user’s other banking apps.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Twitter Password Reset Bug Uncovered User Accounts

Next Post

Ukrainian Authorities Arrests Cybercrime Group for Selling Data of 30 Million Accounts

Recent News

Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

February 7, 2023
AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks

UK second most targeted nation behind America for Ransomware

February 7, 2023
safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information