Indian Banking Apps Hit By Malware; Hackers Are Stealing User Data!


Earlier versions have impersonated other popular apps.

Customers of twelve Indian banks are at risk as security researchers have spotted Android malware that steals banking information from users' phones. "Always keep your device OS and mobile security app up-to-date", the IT security firm said.

In order to have the greatest chance of staying safe from malware, Symantec recommends Android users stick to downloading apps from Google Play - although it isn't unknown for malicious apps to find their way into the official Android store.

A number of apps run by prominent Indian banks like the State Bank of India, Axis Bank, HDFC Bank, ICICI Bank, IDBI Bank, Union Bank of Commerce, and Bank of Baroda have so far been targeted by the trojan.

Uber told Engadget that users would have to download an infected app in order for FakeApp to take over the Uber app.

After installation completes, the icon will not appear to the user even when he or she taps on it.


After the initial setup, the app runs in the background and looks for 232 particular apps (mostly banking and some cryptocurrency apps).

The malware is a variant of FakeApp, an Android trojan that attackers have been using to display advertisements and collect information from compromised devices since 2012. If it finds any of these apps on a user's smartphone, it generates a fake notification that appears to come from the banking app.

Once any of the targeted apps is found on the device, the malware shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials, ultimately tricking them into giving up their login ID and password.

Alongside passwords, one aim of the software - which is circulating on third-party markets - is to steal credit card details, which are often entered into mobile applications.

'When a customer has to enter sensitive information such as a PIN or one-time password into the same channel where they had logged in to their online banking platform or initiated a payment, for example, it enables a fraudster listening in on or tracking that channel to capture the sensitive information,' he adds. Hence the malware can obtain the OTP even if we have enabled two-factor authentication on our bank account.

As an extra precaution, go through the list of permissions every app requests from you during installation.
