Delete these fake applications on your mobile now: they only want to steal your bank details


The world of cybercrime is constantly changing the way it operates to try to catch new victims off guard and bypass certain security controls. Now some fake applications have been detected that steal your bank details while claiming to give you rewards.

We are going to tell you how these fake apps operate so that you can take a look to see if you have them installed.

Fake rewards apps

The Microsoft 365 Defender threat intelligence team has published an analysis of a series of mobile applications that, under the premise of banking rewards, actually install a remote access Trojan (RAT). The malware’s RAT capabilities allow the attacker to intercept important device notifications, such as incoming messages, in an apparent effort to capture two-factor authentication (2FA) messages that are commonly used by banking and financial institutions by regulation.


Some of the names of these fake applications are the following:

  • Axisbank_rewards.apk
  • Icici_points.apk
  • Icici_rewards.apk
  • SBI_rewards.apk

The fake apps ask for credit card information once they have been granted all permissions. This should raise users’ suspicions about the app’s motive, as apps typically ask for sensitive information only through user-driven transactions, such as paying for purchases.

In addition, the app defines services that can run in the background without user interaction, such as reading phone status, sending and reading SMS, reading the call log, changing audio settings, reading contacts, etc. The malware uses the MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid functions to carry out most of its routines. These three functions interact to ensure that all of the malware’s routines are up and running and allow the application to remain persistent on the mobile device.
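For readers who want to check a suspicious APK themselves, here is an added example (not code from Microsoft's report or from this article) that triages a decoded AndroidManifest.xml for the permission mix and component names described above. It assumes the manifest has already been decoded to plain XML, for example with apktool; the function name, the threshold and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android permissions matching the behaviours the article lists.
RISKY = {
    "android.permission.READ_PHONE_STATE": "read phone status",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.MODIFY_AUDIO_SETTINGS": "change audio settings",
    "android.permission.READ_CONTACTS": "read contacts",
}
# Component names reported in the article. MainActivity is left out because
# almost every legitimate app has one, so it carries no signal.
REPORTED = {"AutoStartService", "RestartBroadCastReceiverAndroid"}

def triage_manifest(manifest_xml, threshold=4):
    """Return the risky behaviours and reported components found in a manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    hits = sorted(RISKY[p] for p in requested if p in RISKY)
    declared = {(e.get(NS + "name") or "").rsplit(".", 1)[-1]
                for tag in ("service", "receiver") for e in root.iter(tag)}
    matched = sorted(declared & REPORTED)
    sms = any("SMS" in h for h in hits)
    # Assumed heuristic: a reported component name, or SMS access plus
    # several of the other listed behaviours, warrants a closer look.
    suspicious = bool(matched) or (sms and len(hits) >= threshold)
    return {"behaviours": hits, "components": matched, "suspicious": suspicious}

# Constructed sample manifests, not taken from any real app.
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".AutoStartService"/>
    <receiver android:name="com.example.RestartBroadCastReceiverAndroid"/>
  </application></manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><service android:name=".SyncService"/></application></manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_SUSPICIOUS))
    print(triage_manifest(SAMPLE_BENIGN))
```

A positive result is a reason to look closer, not proof of infection: legitimate messaging or dialer apps can request several of the same permissions.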

They steal authentication SMS

One capability stands out from the malware’s list of commands: it detects the remote attacker’s SMS sending activities. Many banking apps require two-factor authentication (2FA), often sent via SMS messages. By enabling silent mode on an infected device, the malware allows attackers to capture 2FA messages undetected, making information theft even easier.


The malware steals all SMS messages from the mobile device’s inbox. It collects all received, sent, read and even unread messages. Collecting all SMS messages could allow attackers to use the data to expand their range of theft, especially if any message contains other sensitive information, such as SMS-based 2FA for email accounts, other online services, social networks, etc.

Its ability to intercept one-time passwords (OTPs) sent via SMS thwarts the protections provided by banks’ two-factor authentication mechanisms, which users and institutions rely on to keep their transactions secure.