Mobile banking trojan campaigns targeting WhatsApp and Telegram users in India
- Country: India
Microsoft has issued a warning about the ongoing mobile banking trojan campaigns targeting WhatsApp and other social media platform users in India for financial fraud.
Attackers are using these platforms to send messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities. The attackers then exfiltrate sensitive data, including personal information, banking details, payment card information, account credentials, and more, the tech giant warned in a recent blog post.
The Microsoft Threat Intelligence researchers investigated two malicious applications that impersonated official banking apps. Notably, the legitimate banks themselves are not affected by these attacks directly, and these attacks are not related to legitimate banks’ own authentic mobile banking apps and security posture, Microsoft said.
In one of the cases, Microsoft security researchers found that the attacker shared a malicious APK file via WhatsApp with a message asking users to enter sensitive information in the app. Upon further investigation, they found that the APK file was malicious, and that interacting with it installed a fraudulent application on the victim's device. The installed app impersonates a legitimate local bank and disguises itself as the bank's official Know Your Customer (KYC) application to trick users into submitting their sensitive information. This information is then sent to a command and control (C2) server, as well as to the attacker's hard-coded phone number used in SMS functionality.
Microsoft recommends taking the following precautionary measures to prevent such threats:
- Install apps only from trusted sources and official stores, like the Google Play Store and Apple App Store, and keep the "Install unknown apps" setting disabled on the Android device to prevent apps from being installed from unknown sources.
- Avoid clicking on unknown links received through ads, SMS messages, emails, or similar untrusted sources.
- Use mobile solutions such as Microsoft Defender for Endpoint on Android to detect malicious applications.

