Summary: A sophisticated phishing campaign in India is utilizing fake banking apps to steal sensitive financial information from users. With almost 900 malware samples linked to about 1,000 phone numbers, the attack targets individuals via infected APK files disguised as legitimate banking applications. Researchers highlight that the fraud’s success is attributed to outdated mobile devices and the attackers’ familiarity with the local market dynamics.

Affected: Indian banking institutions and their customers

Keypoints :

• Nearly 900 malware samples are being used to impersonate major Indian banks.
• The malware intercepts SMS-based one-time passwords and redirects them to attackers.
• The campaign predominantly targets individuals in eastern Indian states, leveraging outdated devices.