Malicious banking apps can drain your funds, monitor calls and messages, and secretly track your device activity.
Most people checking their banking app focus on finances, not security threats. But in India, a growing number of Android users are being targeted by fake apps posing as legitimate banking platforms. CYFIRMA’s threat intelligence team has uncovered a malware campaign that uses deceptive Android apps to steal login credentials, empty bank accounts, and hijack communications. Although the exact banks aren’t named, the widespread use of mobile banking puts millions at risk.
These attacks begin with users unknowingly installing an infected APK file. The malware is often delivered through phishing messages, fake websites, malicious QR codes, or fraudulent app stores that mimic Google Play. Some apps even appear as system updates.
Once installed, the malware requests a wide range of permissions, granting it full access to the device. It can intercept texts, forward one-time passwords and two-factor authentication codes, and perform banking actions on the victim’s behalf. It can also monitor phone calls, initiate call forwarding, and run USSD codes used by mobile carriers.
To stay active, the malware disables battery optimizations and restarts automatically after reboots. It also uses notification access to spoof alerts or hide important messages like OTPs.
Experts at CYFIRMA stress the importance of staying alert and using strong security measures to combat these sophisticated threats. Be cautious about what permissions you grant to any app. Research shows that many popular apps, even from trusted industries, often request more access than they need. While some data collection is used for marketing, excessive permissions can open the door to serious cyberattacks.
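One way to review an app for the combination of capabilities described above is to audit its decoded AndroidManifest.xml. This is an added example, not CYFIRMA's tooling: the permission names mapped to each behaviour, the scoring heuristic and both sample manifests are assumptions constructed here.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: behaviour from the article -> Android permissions enabling it.
BEHAVIOURS = {
    "intercept SMS / OTPs": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "send or forward SMS": {P + "SEND_SMS"},
    "call forwarding / USSD": {P + "CALL_PHONE"},
    "monitor phone calls": {P + "READ_PHONE_STATE", P + "READ_CALL_LOG"},
    "restart after reboot": {P + "RECEIVE_BOOT_COMPLETED"},
    "bypass battery optimization": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "read or hide notifications": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
}

def manifest(perms, service_perm=""):
    """Build a constructed, decoded-style AndroidManifest.xml for the demo."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    svc = (f'<service android:name=".L" android:permission="{P}{service_perm}"/>'
           if service_perm else "")
    return (f'<manifest xmlns:android="{NS[1:-1]}" package="com.example.app">'
            f"{uses}<application>{svc}</application></manifest>")

def requested_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    # Notification listeners appear as a <service> guarded by a permission.
    perms |= {e.get(NS + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def audit(manifest_xml):
    perms = requested_permissions(manifest_xml)
    hits = sorted(b for b, needed in BEHAVIOURS.items() if perms & needed)
    otp = "intercept SMS / OTPs" in hits
    persist = bool({"restart after reboot", "bypass battery optimization"} & set(hits))
    # Heuristic (assumption): OTP access + persistence + one more capability.
    return {"behaviours": hits, "suspicious": otp and persist and len(hits) >= 3}

# Constructed samples: a fake "system update" style app and an ordinary app.
SUSPECT = manifest(["RECEIVE_SMS", "SEND_SMS", "CALL_PHONE", "RECEIVE_BOOT_COMPLETED",
                    "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
                   "BIND_NOTIFICATION_LISTENER_SERVICE")
BENIGN = manifest(["INTERNET", "RECEIVE_BOOT_COMPLETED"])

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, audit(xml))
```

A flag from this check is a prompt for closer review, not proof of malice: legitimate messaging and dialer apps request several of the same permissions.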