
A new phishing campaign targeting Indian banking customers has been discovered in which phishing sites harvest victims' banking credentials and personally identifiable information (PII). Once those details are stolen, an Android SMS-forwarding malware is also pushed to the victim's device. The campaign was uncovered by CloudSEK's Threat Research and Information Analytics team, which identified several domains built on the same template.
The phishing attempt begins when victims land on the malicious websites, usually through social engineering. Attackers can send the link in an SMS crafted to look as though it comes from a bank or another service provider, typically creating a sense of urgency so that users click before they have time to think. The domains identified by the researchers pose as fake complaint portals.
Once installed, the malicious application forwards all incoming SMS messages on the victim's phone to servers controlled by the scammers. The attackers have avoided using the logos or names of Indian banks so as not to attract suspicion or trigger detection. The malicious app is not hosted on the Google Play Store or on any third-party application store, so victims have to sideload it.
An analysis of the application's source code revealed that it is based on an open-source GitHub project called "SMS-Forward." By combining the stolen credentials and PII with the one-time passwords (OTPs) intercepted from victims' phones, scammers can carry out unauthorised banking transactions and other malicious actions.
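An SMS forwarder of the kind described above needs only a small set of capabilities, and they show up in the app's manifest: permission to receive or read SMS, a broadcast receiver for incoming messages, and network access to send them out. The following triage script is an added example written for this article, not code from CloudSEK or from the SMS-Forward project. It takes a decoded AndroidManifest.xml (as produced by apktool or aapt; the binary manifest inside an APK is not plain XML) and flags that combination. The two manifests embedded in it are constructed for illustration and are not the actual malware's manifest.

```python
"""Triage heuristic for Android SMS-forwarding apps (added example).

Flags the permission/receiver combination an SMS stealer needs:
SMS access plus INTERNET, and a receiver listening for SMS_RECEIVED.
Operates on a decoded (text) AndroidManifest.xml.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
SMS_READ_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NETWORK_PERM = "android.permission.INTERNET"

# Constructed sample: what a minimal SMS forwarder's manifest looks like.
# Package name and receiver class are made up for this example.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.complaintportal">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Complaint Portal">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign sample for contrast: network access, no SMS handling.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="News Reader"/>
</manifest>
"""


def _attr(element, name):
    """Read an android:-namespaced attribute such as android:name."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def analyze_manifest(xml_text):
    """Return permissions, SMS receivers, findings and a suspicious flag."""
    root = ET.fromstring(xml_text)
    permissions = {n for n in (_attr(p, "name") for p in root.iter("uses-permission")) if n}

    # Collect every receiver whose intent filter listens for incoming SMS.
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for intent_filter in receiver.iter("intent-filter"):
            actions = {_attr(a, "name") for a in intent_filter.iter("action")}
            if SMS_RECEIVED_ACTION in actions:
                raw_priority = _attr(intent_filter, "priority") or "0"
                priority = int(raw_priority) if raw_priority.lstrip("-").isdigit() else 0
                sms_receivers.append({"name": _attr(receiver, "name"), "priority": priority})

    reads_sms = bool(permissions & SMS_READ_PERMS)
    has_network = NETWORK_PERM in permissions

    findings = []
    if reads_sms and has_network:
        findings.append("SMS access combined with INTERNET: can forward messages off-device")
    for r in sms_receivers:
        findings.append("receiver %s listens for SMS_RECEIVED (priority %d)" % (r["name"], r["priority"]))

    return {
        "permissions": sorted(permissions),
        "sms_receivers": sms_receivers,
        "findings": findings,
        # All three capabilities together are what an SMS forwarder needs.
        "suspicious": reads_sms and has_network and bool(sms_receivers),
    }


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = analyze_manifest(manifest)
        print("%s: suspicious=%s" % (label, result["suspicious"]))
        for finding in result["findings"]:
            print("  -", finding)
```

This is a triage heuristic, not a verdict: legitimate messaging apps and OTP-autofill helpers request the same permissions, so a hit should prompt a look at where the receiver sends the message contents (network code, hard-coded endpoints) and at how the app was distributed. An app carrying this combination that is not available through the Play Store and arrived via a link in an SMS matches the pattern described in the article.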