Alarm! Scammers using SMS forwarding apps to scam bank customers in India

NEW DELHI: Cyber ​​secu­ri­ty researchers said Thurs­day they had dis­cov­ered a new phish­ing cam­paign tar­get­ing bank cus­tomers in India via SMS for­ward­ing apps. Accord­ing to AI cyber­se­cu­ri­ty firm Cloud­SEK, the phish­ing site col­lects vic­tims’ bank­ing details and per­son­al infor­ma­tion after Android SMS for­ward­ing mal­ware is down­loaded onto their devices. The research team dis­cov­ered mul­ti­ple domains with the same prac­tices and templates.

“Banks should also take respon­si­bil­i­ty for rais­ing aware­ness of such scams and edu­cat­ing their cus­tomers to pre­vent loss of mon­ey and rep­u­ta­tion,” said Anshu­man Das, cyber threat researcher at Cloud­SEK. As part of the hack­ers’ oper­a­tion, vic­tims first enter sen­si­tive bank­ing infor­ma­tion such as card num­ber, CVV num­ber, and expi­ra­tion date on the fake com­plaints por­tal. (Also read: Mum­bai: Cyber ​​Scam­mer Skims Rs 3.77 lakh From Wom­an’s Bank To Sell Furniture)

After bank­ing details are exploit­ed, a mali­cious cus­tomer sup­port appli­ca­tion is down­loaded onto vic­tim’s devices. “No logos or names of the Indi­an banks were used on these phish­ing web­sites to avoid sus­pi­cion and detec­tion. Fur­ther­more, the rogue cus­tomer sup­port appli­ca­tion is not host­ed on Google Play Store or any of the third par­ty appli­ca­tion stores. ’ said the researchers. 

The mali­cious appli­ca­tion is then used to send all incom­ing SMS to the scam­mer’s C2 (Com­mand and Con­trol) serv­er. “Even if a user’s accounts are secured by mul­ti-fac­tor authen­ti­ca­tion, attack­ers can still use the app to col­lect pri­vate infor­ma­tion, con­duct ille­gal activ­i­ties on users’ bank accounts, and access their oth­er accounts,” the researchers warn. 

Cloud­SEK researchers dis­cov­ered and inves­ti­gat­ed an Android app pre­tend­ing to be a bank’s cus­tomer ser­vice app. This appli­ca­tion prompts the user for two per­mis­sions on their device to receive SMS and send SMS. (Also read: Android Users Warn­ing! New Mal­ware Sub­scribes Unknow­ing Users to Pre­mi­um Services)

The source code of the appli­ca­tion is appar­ent­ly avail­able on Github. The appli­ca­tion has no obfus­ca­tion or eva­sion mech­a­nisms that make it dif­fi­cult for antivirus or oth­er solu­tions to detect it. After the app is installed on a vic­tim’s cell­phone, any SMS received on the device is for­ward­ed with an OTP to the tar­get phone con­trolled by the attack­er, the report said. “It’s impor­tant to be extra care­ful when installing new appli­ca­tions. Only down­load apps from rep­utable app stores like Google Play Store and App Store. After installing an appli­ca­tion, be care­ful when grant­i­ng per­mis­sions”, said that.