Fraudsters using WhatsApp to spread malware-laced fake banking apps

Thanks to simple Unified Payment Interface (UPI)-based banking apps, millions of Indians are making more digital transactions ever before. Last month, the National Payments Corporation of India (NPCI) recorded close to 1,124 crore digital cash transactions worth around Rs 17.4 lakh crore value, more than 53 per cent compared to the previous same period.

However, people are advised to exercise caution as fraudsters have come up with ingenious ways to create fake banking apps with genuine-looking company insignias and typefaces. They are circulating them on WhatsApp, Telegram, and other social messenger apps to prey on naive smartphone users, reported the McAfee Mobile Security research team.

Bad actors use primal emotions such as fear and panic to emotionally weaken the potential victims. For instance, they send a warning with a message reading-- 'Your bank account will get locked soon, as you have not done mandatory Know Your Customer (KYC) registration. For verification, download this app or else you won't be able to withdraw or transfer cash from the bank account.' And, they will share an Android Package Kit (APK) download file link to the victim's WhatsApp number to install it on the device.

.DH Deciphers | 'FedEx' scam: What is it and why is it hard for police to bust it? . Most Citizens who lack awareness about online fraud, will follow the instructions of the criminal and install the malware-laced app. The latter looks the same as the original Banking app with a similar logo such as State Bank of India (SBI), as seen in the screenshot below.

. Latest Android phones and even WhatsApp and other apps too give out a warning to be careful when downloading an APK file, but the panic-stricken victim ignores such alerts and installs it.

. And, once inside the phone, the app camouflages into a benign banking app and then begins to ask permission to access call logs, SMS, and contact list. And, finally, it asks the user to log in to the SBI account and here the User ID and password gets copied by the trojan-laced app.

. It will flash the KYC form and here, it will ask full name, birthday, Aadhaar card number, Permanent Account Number (PAN), email address, and Credit/debit card details. And, then it flashes a fake validation message.

Then, with all the aforementioned critical details, fraudsters clean the bank account before the victims realise what hit them.

. Tips on how to safeguard yourself from trojan-laced fake Android banking apps:

1) Always install apps directly from the Google Play Store only.

2) Users can also go to the official bank company website and download the apps there.

3) Never install APK files shared on messenger apps such as Telegram or WhatsApp or from any SMS app.

4) It is good practice to install anti-virus apps on smartphones for early detection of fake apps and suspicious activities

5) It goes without saying, never share personal or financial details or OTP to unknown people via messages or on phone calls. No bank executives or Income Tax officials call or send messages seeking personal details. If any queries in mind, just go to the nearby bank office.

.Fake Netflix, YouTube, Instagram apps with DogeRAT malware detected. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech .

Fraudsters using WhatsApp to spread malware-laced fake banking apps

Follow us on :

Follow Us