The financial sector has been hard hit by mobile malware, and with fake apps doing the rounds it is difficult for banking users to verify an app's authenticity unless they are very cautious. This blog describes one such case and is a warning to mobile banking users, especially ICICI Bank customers in India.

Recently, we received a WhatsApp message from an Indian mobile number reading “Dear user your ICICI bank Account will be blocked! 9:30,PM Today please update your PAN CARD immediately Open ICICI,Bank apk”, along with an APK file posing as a banking app for download, as shown in Figure 1.

Figure 1: WhatsApp message from the Threat actor

Because the APK arrives through WhatsApp rather than Google Play, installing it requires the user to allow WhatsApp to install apps from unknown sources (that is, sources other than the Play Store). Once installed, the malware uses ICICI Bank's logo and name as its icon and label, as shown in Figure 2.

Figure 2: Fake App icon and Permission to install app from WhatsApp

Once the user grants the SMS permissions this fake app requests (send and read SMS), the app asks the user to enter their bank user details, card details and online banking credentials, as shown in Figure 3.

Figure 3: Request to enter victim’s banking related information
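The combination described above, a bank brand in the app label together with SMS permissions in an APK that did not come from the Play Store, can be checked statically. The script below is an added example, not K7's tooling: it parses a decoded AndroidManifest.xml (as produced by apktool, for instance) and flags that combination. The manifest, package name and brand list are constructed for illustration; the allowlist of official bank package names is a parameter the analyst fills in.

```python
"""Static triage of a decoded AndroidManifest.xml for a bank-impersonating SMS stealer.

Added example for this post; not K7's code. The sample manifest, package name and
brand list are constructed, and official_packages is a hypothetical allowlist.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app read incoming OTPs and exfiltrate data over SMS.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}

# Bank brand strings to look for in the app label or package name (assumed list).
BANK_BRANDS = ("icici", "hdfc", "sbi", "axis")

# Constructed sample: a decoded manifest resembling the fake app in this post.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.icicibank.fake">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="ICICI Bank">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

# Constructed benign sample: same brand in the label, no SMS permissions.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.icicibank.official">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="ICICI Bank"/>
</manifest>
"""


def triage_manifest(xml_text: str, official_packages: frozenset = frozenset()) -> dict:
    """Flag an APK whose label or package impersonates a bank and which asks for SMS access.

    official_packages: hypothetical allowlist of genuine bank package names; an app in
    that list is never flagged as an impersonator.
    """
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name", "") for p in root.iter("uses-permission")}
    app = root.find("application")
    # Note: a real manifest often has android:label="@string/app_name"; resolve the
    # resource (e.g. from res/values/strings.xml) before running this check.
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""

    sms_perms = sorted(perms & SMS_PERMISSIONS)
    haystack = (label + " " + package).lower()
    brands = [b for b in BANK_BRANDS if b in haystack]
    impersonating = bool(brands) and package not in official_packages

    return {
        "package": package,
        "label": label,
        "sms_permissions": sms_perms,
        "impersonated_brands": brands,
        # Bank branding plus SMS send/read in a sideloaded APK is the red flag.
        "suspicious": impersonating and bool(sms_perms),
    }


if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(manifest))
```

Run it against the manifest extracted from a suspect APK; a hit is a reason to block the install and pull the sample for dynamic analysis, not proof by itself, since genuine bank apps in India may legitimately request RECEIVE_SMS for OTP auto-read. That is why the official package allowlist matters.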

After the details are entered, the app tells the user to wait 30 minutes while the details are “verified”, as shown in Figure 4. The delay simply buys the attacker time to use the stolen data before the victim becomes suspicious.

Figure 4: Note from the malware author 

The harvested information is packed into a JSON object and sent as an SMS to an Indian mobile number, as shown in Figure 5. SMS, not the internet, is the exfiltration channel here, so the theft generates no web traffic for a network filter to catch and needs only the SEND_SMS permission the app already asked for.

Figure 5: Collected data sent via SMS
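The exfiltration step above can be caught from SMS activity recorded during a sandbox or emulator run of the sample. The script below is an added example, not K7's detection logic: it pulls a JSON object out of an outgoing SMS body, looks for banking field names, runs a Luhn check on any card-like value, and notes an Indian destination number. The post does not show the exact JSON field names, so the sample messages and key list are constructed.

```python
"""Detect banking data exfiltrated as a JSON object inside an outgoing SMS.

Added example for this post; not K7's code. SENSITIVE_KEYS and SAMPLE_EVENTS are
constructed; the real field names used by the malware are not shown in the post.
"""
import json
import re

# Field names typically used for banking credentials (assumed list; extend as needed).
SENSITIVE_KEYS = {
    "user", "username", "userid", "password", "pin", "mpin", "card", "cardnumber",
    "cvv", "expiry", "otp", "pan", "account",
}

# Constructed sample of outgoing-SMS events as a sandbox might log them.
SAMPLE_EVENTS = [
    {
        "app": "com.example.icicibank.fake",
        "to": "+91 98765 43210",
        "body": json.dumps({
            "user": "victim01", "password": "Pa55word",
            "card": "4111 1111 1111 1111", "cvv": "123", "expiry": "12/27",
        }),
    },
    {"app": "com.whatsapp", "to": "+91 91234 56789", "body": "Reaching home by 9:30 PM"},
]


def luhn_ok(digits: str) -> bool:
    """True if the digit string has a valid Luhn checksum (card-number shape)."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def extract_json(body: str):
    """Return the first JSON object in an SMS body, tolerating surrounding text."""
    start, end = body.find("{"), body.rfind("}")
    if start == -1 or end <= start:
        return None
    try:
        obj = json.loads(body[start:end + 1])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def score_sms(event: dict) -> dict:
    """Score one outgoing-SMS event; alert on credential-shaped JSON payloads."""
    obj = extract_json(event["body"])
    if obj is None:
        return {"alert": False, "reasons": []}

    reasons = []
    keys = {k.lower().replace("_", "") for k in obj}
    hits = sorted(keys & SENSITIVE_KEYS)
    if hits:
        reasons.append("sensitive keys: " + ", ".join(hits))

    # Any value that is a Luhn-valid number is almost certainly a card number.
    for k, v in obj.items():
        if luhn_ok(re.sub(r"\D", "", str(v))):
            reasons.append(f"Luhn-valid card-like number in '{k}'")
            break

    # Indian mobile number: optional '+', country code 91, ten digits.
    if re.fullmatch(r"\+?91\d{10}", re.sub(r"[\s-]", "", event["to"])):
        reasons.append("destination is an Indian mobile number")

    alert = len(hits) >= 2 or any(r.startswith("Luhn") for r in reasons)
    return {"alert": alert, "reasons": reasons}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["app"], "->", ev["to"], score_sms(ev))
```

The Luhn check is what keeps the rule from firing on ordinary messages that happen to contain braces; two or more credential-named keys in one JSON object is the other trigger. The destination-number note is context for the analyst, not an alert condition on its own.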

The use of an Indian mobile number both to distribute the APK and to receive the stolen data suggests the threat actor is based in India and may be a native speaker of an Indian language, although a phone number alone is weak evidence for attribution.

As the figures show, the collected information is everything needed to carry out financial fraud against the victim, which means direct monetary loss to the user.

To avoid such scenarios, we recommend that Android users:

  1. Install reputed security software such as K7 Mobile Security
  2. Never install apps from third party sources; use only the official Play Store
  3. Never enable installation of apps from unknown sources, and in particular never grant it to a messaging app
  4. Never enter card details, PINs or online banking credentials into an app that arrived as an attachment or link in a message

IoCs 

Hash (MD5): 4DB3B5A13F68D4D34DB6DADB3CD31F1B

App Name: ICICI –BANK.apk 

Detection name: Trojan (005a959e1)


Post title: Alert: Banking Users in Dire Straits