Another Malware In Play, Targets ICICI Bank Customers
Microsoft’s research department has disclosed that hackers are slipping robust malware into the mobile phones of ICICI Bank customers.
Furthermore, it can commandeer the incoming text messages, effectively inducing multi-factor authentication useless.
Interestingly, this is the same malware that targeted State Bank of India and Axis Bank customers in 2021.
Enticing Messages And Fatal Links
Notably, anytime you receive a text message alerting you that your reward points, amassed on your credit card transactions, are about to discontinue and should be instantly reclaimed, don’t click the link until you are sure of the sender’s genuineness.
Disguising as a banking rewards app, this new edition has supplementary remote access trojan capacities, is more obfuscated, and is presently being used to attack customers of Indian banks.
However, the SMS campaign sends out a message comprising a link that refers to the info-stealing Android malware.
The message mailed by the malware designers embodies a link, and on opening it, a counterfeit app in the name of the bank is installed on the user’s phone.
Accordingly, it asks for a variety of entry permissions, and a “log in” page opens, proposing the net banking credentials and the CVV numbers of a credit card.
Subsequently, when the bank sends a one-time password to the victim’s phone to facilitate a transaction, it is invaded by the malware and delivered to the hackers.
Microsoft Researchers Identified Hackers Tricks
Obtaining all text messages might allow the attackers to utilize the data to enhance their stealing range, particularly if any of them include other sensitive information such as SMS-based 2FA for email accounts, private identification like Aadhaar, or other financial-related information, the report said.
However, despite several attempts, ICICI Bank could not be reached for comments.
Worryingly, Microsoft’s investigation has found that the malware is also competent in accessing the phone’s call logs and contacts list as well as amending its audio settings.
Director general Madhukar Pandey, Maharashtra said, threat actors, are attracting people into clicking the link that installs harmful malware which can steer to financial loss, data theft, and identity theft.
Interestingly, the easiest trick to avoid this is to never click any SMS or WhatsApp link from an unidentified source.