November 21, 2023 at 03:18AM
A new malware campaign in India targets Android smartphone users through social engineering. Attackers send messages on platforms like WhatsApp and Telegram, impersonating banks and government services. They entice users to install a fraudulent app that steals sensitive data and banking details. The app also intercepts one-time passwords (OTPs) and hides its icon on the user’s device. Users should be cautious about enabling unknown sources for app installation. Google and Samsung have introduced security measures to combat Android malware.
Summary:
Android smartphone users in India are being targeted by a new malware campaign that tricks users into installing fraudulent apps. Attackers are using social media platforms like WhatsApp and Telegram to send messages impersonating legitimate organizations, such as banks and government services, to lure users. The malware aims to capture sensitive data including banking details, payment card information, and account credentials. The attack involves sharing malicious APK files disguised as banking apps and prompting users to enter their personal information. Once installed, the app hides itself and requests permission to read and send SMS messages in order to intercept one-time passwords. Microsoft researchers have discovered variants of the malware that also steal credit card details and personally identifiable information. Users need to enable the option to install apps from unknown sources for these attacks to be successful. Google and Samsung have implemented new security features to combat Android malware. It is advised that users check the legitimacy of app developers, review permissions requested by apps, and only download from trusted sources.