The financial sector has been hit hard by various mobile malware, and with fake apps doing the rounds, it is difficult for banking users to verify an app's authenticity unless they are very cautious. This blog is written along similar lines and is a warning to mobile banking users, especially ICICI Bank users in India.
Recently, we received a WhatsApp message from an Indian mobile number saying “Dear user your ICICI bank Account will be blocked! 9:30,PM Today please update your PAN CARD immediately Open ICICI,Bank apk” along with an APK file (appearing to be a banking app) for download as shown in Figure 1.
On installation, the user is asked to enable the permission “install apps from external sources” (sources other than the Google Play Store). After installation, the malware uses ICICI Bank’s logo and name, as shown in Figure 2.
Once the user grants the permissions this fake app requests to send and read SMS, the app asks the user to enter bank-related user details, card details and online banking details, as shown in Figure 3.
After the details are entered by the user, the app asks the user to wait for 30 minutes to verify the details as shown in Figure 4.
All the harvested information is stored as a JSON object and then sent as an SMS to an Indian mobile number, as shown in Figure 5.
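The behaviour described above, form data packed into a JSON object and sent out by SMS, can be flagged by inspecting outgoing message bodies. The following is an added example, not code from the original post or from K7's product: the sample messages and JSON field names are constructed, and the check for an Indian PAN identifier is an assumption prompted by the lure text.

```python
import json
import re

CARD_RE = re.compile(r"^\d{13,19}$")          # payment card number length range
PAN_RE = re.compile(r"^[A-Z]{5}\d{4}[A-Z]$")  # Indian PAN: 5 letters, 4 digits, 1 letter

# Constructed sample SMS bodies; the field names are assumptions, not from the sample.
EXFIL_SMS = '{"name":"Test User","card":"4111 1111 1111 1111","cvv":"123","pan":"ABCDE1234F"}'
BENIGN_SMS = '{"order":"1234567890123456","status":"shipped"}'

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scalars(value):
    """Yield every non-null leaf of a decoded JSON value as a string."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for item in value:
            yield from scalars(item)
    elif value is not None:
        yield str(value)

def classify_sms(body):
    """Return the kinds of sensitive data found in an SMS body that is a JSON object/array."""
    try:
        doc = json.loads(body)
    except ValueError:          # not JSON at all: ordinary text message
        return set()
    if not isinstance(doc, (dict, list)):
        return set()
    hits = set()
    for text in scalars(doc):
        compact = re.sub(r"[\s-]", "", text)
        if CARD_RE.match(compact) and luhn_ok(compact):
            hits.add("card_number")
        if PAN_RE.match(compact.upper()):
            hits.add("pan_id")
    return hits

if __name__ == "__main__":
    for sms in (EXFIL_SMS, BENIGN_SMS, "Your OTP is 123456"):
        print(sorted(classify_sms(sms)), "<-", sms)
```

The Luhn check keeps ordinary 16-digit values such as order numbers from being reported as card numbers.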
The malware's actions described above suggest that the threat actor behind it could possibly be from India and be a speaker of an Indian native language, as the actor was seen using an Indian mobile number.
As the figures show, the banking-related information collected from a user is enough to carry out financial fraud, resulting in monetary loss to the user.
To avoid such scenarios, we recommend that Android users:
- Install reputable security software such as K7 Mobile Security
- Never install apps from any third-party source other than the official Play Store
- Never enable app installation from third-party sources
App Name: ICICI –BANK.apk
Detection name: Trojan ( 005a959e1 )