Cybersecurity researchers are warning of “huge phishing campaigns” that distribute 5 different malware families targeting banking customers in India.
“The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting tens of millions of customers,” Trend Micro said in a report published this week.
Some of the targeted banks include Axis Bank, ICICI Bank, and the State Bank of India (SBI), among others.
The infection chains all have a common entry point in that they rely on SMS messages containing a phishing link that urges potential victims to enter their personal details and credit card information to supposedly get a tax refund or gain credit card reward points.
The smishing attacks, which deliver Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy, are just the latest in a series of similar rewards-themed malware campaigns that have been documented by Microsoft, Cyble, and K7 Labs over the past 12 months.
Elibomi, first documented by McAfee in September 2021, is engineered to steal personal data, take screenshots, and even capture the lock screen code or pattern by abusing Android’s accessibility API permissions, enabling it to seize control of the compromised devices.
The mobile malware has undergone numerous revisions, with a new variant of Elibomi called Drinik spotted impersonating the Income Tax Department of India to target customers of 18 different banks.
“Elibomi implements an overlay by adding a view to the current window as an evasion technique from users, instead of having an overlay on other apps such as bank applications to steal users’ credentials,” the researchers said.
In a similar vein, the FakeReward and AxBanker banking trojans, once installed, prompt the victim to grant them permissions to access SMSes and notifications, which are then leveraged to exfiltrate incoming SMS messages. AxBanker further displays fake pages to siphon credit card information.
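For defenders triaging a suspicious APK, the permission pattern described above (accessibility abuse by Elibomi, SMS and notification access by FakeReward and AxBanker) can be checked in the app's decoded manifest. The following is an added example, not code from Trend Micro or the original article; it assumes the manifest has already been decoded to plain XML, and the sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml.
ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# A service protected by one of these bind permissions is an accessibility
# service or a notification listener once the user enables it in Settings.
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
}

def capabilities(manifest_xml):
    """Return the set of sensitive capabilities the manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            if el.get(ANDROID + "name") in SMS_PERMS:
                found.add("sms_read")
    for svc in root.iter("service"):
        cap = SERVICE_BINDINGS.get(svc.get(ANDROID + "permission"))
        if cap:
            found.add(cap)
    return found

def triage(manifest_xml):
    """Return human-readable reasons to escalate the app for analysis."""
    caps = capabilities(manifest_xml)
    reasons = []
    if "accessibility_service" in caps:
        reasons.append("accessibility service: can read the screen and drive input")
    if {"sms_read", "notification_listener"} <= caps:
        reasons.append("SMS plus notification access: can capture one-time codes")
    return reasons

# Constructed sample: a "rewards" app declaring all three capabilities.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.rewards">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("escalate:", reason)
```

Legitimate apps also declare these capabilities, so a hit is a reason to look closer at an app installed from outside the official store, not a verdict.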
The apps themselves are delivered via phishing websites with domains similar to those of their legitimate counterparts, in addition to reusing the brand logos to increase the likelihood of a successful attack and trick the user into downloading the malicious app to get “instant reward points.”
The similarity in stolen data and phishing themes notwithstanding, Trend Micro said there is no concrete evidence tying all these malware families to a single threat actor.
“While no other customers outside India have been targeted by these malware families, phishing campaigns in the country have significantly increased and are increasingly becoming adept at detection evasion,” Trend Micro noted.
“One possible reason for this uptick is the growing number of new threat actors entering the India underground market, bringing with them profitable business models, and interacting with other malicious players to learn, exchange ideas from, and establish connections.”