Scammers using SMS forwarding apps to con bank customers in India


New Delhi, Jul 14 (IANS): Cyber-security researchers on Thursday said they have spotted a new phishing campaign that is targeting banking consumers in India via SMS forwarding apps.

The phishing site collects victims' banking credentials and personally identifiable information (PII), after which Android SMS forwarding malware is downloaded to their devices, according to AI cyber-security firm CloudSEK.

The research team discovered several domains with the same modus operandi and templates.

"The banks should also take responsibility in raising awareness about such scams and educate their customers to prevent monetary as well as reputation loss," said Anshuman Das, Cyber Threat Researcher at CloudSEK.

As part of the hackers' modus operandi, the victims first fill out sensitive banking information such as card number, CVV number, and expiry date, on the fake complaint portal.

After the banking information is exploited, a malicious customer support application gets downloaded to the victim's device.

"No logos or names of the Indian banks have been used in these phishing websites, in order to avoid suspicion and detection. Moreover, the malicious customer support application is not hosted on the Google Play Store or any of the third-party application stores," said the researchers.

The malicious application is then used to send all incoming SMS messages to the scammer's C2 (command and control) server.

"Even if a user's accounts are secured by multi-factor authentication, threat actors can still use the app to gather private information, conduct illicit activities on the users' banking accounts, and access their other accounts," the researchers warned.

Researchers from CloudSEK discovered and examined an Android app that pretends to be a bank customer service app. This application asks the user for two permissions on the device: to receive SMS and to send SMS.

The application's source code was found to be available on GitHub. The application does not have any obfuscation or evasion mechanisms that would make it difficult for antivirus or other solutions to detect it.

After the app has been installed on a victim's mobile phone, any SMS containing an OTP received on the device is redirected to the target phone controlled by the threat actor, the report mentioned.

"It is important to be extra cautious when installing new applications. Download apps from reputable app stores like the Google Play store and the App Store only. After installing any application, be careful while granting permissions," said Das.


Comment on this article

  • Joel, Mangalore

    Thu, Jul 14 2022

    Don't click on unnecessary links and provide your private information on the phone. No bank in India will call and ask for any information, be it SBI, HDFC, etc. Be secure and help others be secure. Scammers are not smart but they take advantage of your innocence.


