Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones

The Microsoft 365 Defender Research Team has published its findings on a new version of a previously reported info-stealing Android malware, highlighting that threat actors continuously evolve their attack spectrum.

Research Findings


According to Microsoft researchers, the malware is delivered in a currently active SMS campaign and masquerades as a banking rewards app. The campaign's primary targets are Indian bank customers. It starts with threat actors sending out messages containing a URL that lures the recipient into downloading the malware.


Upon user interaction, the app displays a splash screen with the bank logo and proceeds to ask the user to enable specific permissions for the app.


The infection chain starts with an SMS message asking the recipient to claim a reward from an Indian bank. This message contains a malicious link that redirects the user to download a fake banking rewards application. This app is detected as "TrojanSpy:AndroidOS/Banker.O".


Based on open-source intelligence, the app's C2 server is linked to 75 different malicious APKs. The research team identified many other campaigns targeting Indian bank customers, including:


  • Icici_points.apk

  • Icici_rewards.apk

  • SBI_rewards.apk

  • Axisbank_rewards.apk

Their research revolved around icici_rewards.apk, which presents itself as ICICI Rewards. The malicious link inside the SMS message installs the APK on the recipient's mobile device. After installation, a splash screen displaying the bank logo asks the user to enable specific permissions for the app.
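A defender-side triage heuristic for the SMS lure described above, as an added example that is not from Microsoft's report or this article. The brand and lure tokens come from the APK names listed here; the function name, reason labels, verdicts and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# Tokens taken from the APK names listed in the article (lower-cased).
BRANDS = ("icici", "sbi", "axisbank")
LURES = ("reward", "points")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def triage_sms(text):
    """Return one finding per URL in an SMS body: url, reasons, verdict."""
    lure_text = any(word in text.lower() for word in LURES)
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        filename = unquote(urlparse(url).path).rsplit("/", 1)[-1].lower()
        reasons = []
        if filename.endswith(".apk"):
            reasons.append("direct-apk-download")
        if any(b in filename for b in BRANDS) and any(w in filename for w in LURES):
            reasons.append("bank-reward-filename")
        if lure_text:
            reasons.append("reward-lure-text")
        if "direct-apk-download" in reasons:
            verdict = "block"      # sideload link delivered by SMS
        elif reasons:
            verdict = "review"     # reward wording or filename, but no APK link
        else:
            verdict = "allow"
        findings.append({"url": url, "reasons": reasons, "verdict": verdict})
    return findings


# Constructed sample messages (hypothetical, not taken from the campaign).
SAMPLES = [
    "Claim your ICICI reward now: http://rewards.example.invalid/dl/icici_rewards.apk",
    "Redeem your SBI points at http://example.invalid/offer.",
    "Your statement is ready: https://bank.example.invalid/statements?id=1",
    "Your OTP is 123456. Do not share it.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(sms, "->", triage_sms(sms))
```

The check only inspects the URL path, so a link that hides the APK behind a redirect or a URL shortener lands in "review" at best and still needs the destination resolved in a sandbox.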


