Suspicious Text Messages Alert

Cybercriminals are targeting users with sophisticated fake apps that can steal your hard-earned money. These text messages can appear convincingly real, making them difficult to distinguish from a legitimate bank message.

Smishing scams usually involve fake text messages that trick you into giving away personal information. These text messages might contain a link that seems official but actually leads to a phony website designed to steal your login details or other data.

The consequences can be serious. If scammers get their hands on your information, they could steal your money, impersonate you, or even use it for illegal activities. They might also harass you for more money.

Recently, we received a text message from an Indian mobile number that read “Dear CITI CARD HOLDER your order reward points of 8200 cash is successfully verified. Kindly Visit by today www.insbb.in CITI BANK -HARSHELECTRONIC” as shown in Figure 1. 

Figure.1. Received Text Message

When the user clicks the above-mentioned link, it opens a landing page that says “Buy with points”, as shown in Figure.2.

Figure.2. Landing Page of the link

Once the user clicks on the “Buy with points” option, it takes the user to another page that asks them to download the official app to redeem reward points. The “Download Now” option downloads an app named “official.apk”, as shown in Figure.3.

Figure.3. Malicious APK download

To install the APK, the user is asked to enable the “install apps from unknown sources” permission (sources other than the Google Play Store). After installation, the app asks the user to grant permission to “Send and View SMS Messages”, as shown in Figure.4.

Figure.4. App requests permission

Once the permission is granted, the app asks for card details such as card number, expiry date and CVV, and for personal information such as name, date of birth and registered mobile number, as shown in Figure.5.

Figure.5. App Requests card detail
Figure.6. Login page

After the user enters and registers the details as shown in Figure.6, the app says that the user will receive E-Vouchers at their registered email address within 12 hours, as shown in Figure.7.

Figure.7. Note from Malware Author

As the figures show, the banking-related information collected from the user is enough to carry out financial fraud, resulting in monetary loss to the victim.

To avoid such scenarios, be on the lookout for:

  • emails or texts from unknown senders
  • unknown links offering cashback, attractive returns, quick loans, job offers
  • situations where you are divulging personal information like passwords and credit card details
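
The warning signs above can be checked mechanically when triaging reported messages. The following Python code is an added example, not part of the original post; the allowlist of official domains, the extra phrase variants, the sender values and the signal names are assumptions made for illustration.

```python
import re

# Assumption: verified domains per brand; replace with your institution's real list.
OFFICIAL_DOMAINS = {"citi": ("citi.com", "citibank.com")}
# Phrases from the message and warning list in this post, plus assumed common variants.
LURES = ("reward points", "cashback", "voucher", "quick loan", "job offer")
URGENCY = ("by today", "immediately", "within 24 hours")
DOMAIN_RE = re.compile(r"\b(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# The text quoted in this post; the sender number is constructed.
SAMPLE_SENDER = "+910000000000"
SAMPLE_BODY = ("Dear CITI CARD HOLDER your order reward points of 8200 cash is "
               "successfully verified. Kindly Visit by today www.insbb.in "
               "CITI BANK -HARSHELECTRONIC")


def refang(text):
    """Undo common defanging so www[.]example[.]com is still parsed as a link."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def is_official(domain, brand):
    """True if the domain is an allowlisted domain of the brand or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS[brand])


def sms_signals(sender, body):
    """Return the list of smishing warning signs found in one SMS."""
    text = refang(body).lower()
    domains = [m.group(1) for m in DOMAIN_RE.finditer(text)]
    signals = []
    # A brand is named, but at least one link points outside that brand's domains.
    if any(re.search(rf"\b{b}\b", text) and any(not is_official(d, b) for d in domains)
           for b in OFFICIAL_DOMAINS):
        signals.append("brand_link_mismatch")
    if domains and any(p in text for p in LURES):
        signals.append("lure_with_link")
    if any(p in text for p in URGENCY):
        signals.append("urgency")
    # Heuristic assumption: banks use registered sender IDs, not plain phone numbers.
    if re.fullmatch(r"\+?\d{10,13}", sender.replace(" ", "")):
        signals.append("plain_number_sender")
    return signals


if __name__ == "__main__":
    print(sms_signals(SAMPLE_SENDER, SAMPLE_BODY))
```

A message that raises several of these signals at once deserves manual review before anyone follows its link.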

We recommend that Android users:

  • Install reputable security software such as K7 Mobile Security
  • Never install apps from any third-party sources apart from the official Play Store
  • Never opt to enable app installation from third-party sources

IOC

Hash: 43FFBA7C8796DF1B30B99A798446D57D

App Name: official.apk

Detection name: Trojan ( 0001140e1 )

Link: www[.]insbb.in