Microsoft has issued a warning to WhatsApp users in India about the growing threat of mobile banking trojan campaigns. These campaigns target users through social media messages, primarily on platforms like WhatsApp and Telegram.
According to Microsoft, attackers are using social engineering tactics, impersonating legitimate organizations such as banks, government agencies, and utilities, to trick users into downloading malicious apps onto their Android devices. Once installed, these fraudulent apps steal sensitive information, including personal details, banking credentials, payment card data, and account login details.
What is the threat
Mobile malware is not a new threat, but it continues to be a significant concern for users due to the potential risks it poses. Mobile banking trojans are particularly dangerous as they can lead to unauthorized access to personal information, financial losses, privacy breaches, device performance issues, and data theft or corruption.
Microsoft has warned users about one such ongoing malware campaign targeting Indian WhatsApp users. According to Microsoft’s official security blog, the campaign has shifted its focus to directly sharing malicious APK files with Indian mobile users. These files masquerade as official banking apps, exploiting the trust users place in legitimate organizations. Although the attacks do not directly impact genuine banks, cybercriminals often target customers of large financial institutions by impersonating these entities.
Beware of these messages on WhatsApp
During its investigation into these viral malicious scam messages on WhatsApp, Microsoft has identified two specific malicious applications targeting Indian banking customers.
The first case involves a fake banking app designed to steal account information. Users receive a WhatsApp message urging them to update their Know Your Customer (KYC) information using a provided APK file. “Your [redacted] BANK Account will be Blocked Today please update your PANCARD immediately open [redacted]-Bank.apk for update your PANCARD. Thank You,” reads one of the WhatsApp messages shared by Microsoft.
Upon installation, the app impersonates a legitimate bank’s KYC application, tricking users into divulging sensitive information. The stolen data is then sent to a command-and-control server controlled by the attacker.
The second case involves a fraudulent app targeting payment card details. Users are prompted to grant SMS-based permissions, after which the app collects personal information and credit card details. This information is subsequently sent to the attacker’s command-and-control server.