Android Malware Promises Energy Subsidy to Steal Financial Data
ID: 16a97e12-e284-5867-8184-d95b75da7de1
STIX ID: report--16a97e12-e284-5867-8184-d95b75da7de1
Feed Name: McAfee Labs Blog
McAfee discovered an active Android phishing campaign targeting Indian users by impersonating a government electricity subsidy service. Attackers lure victims with YouTube videos that link to a GitHub-hosted phishing site and APK. Once installed, the malware (PMMBY) installs an embedded malicious APK, requests aggressive permissions, exfiltrates SMS and UPI/banking credentials to attacker-controlled endpoints, propagates via smishing to the victim's contacts, and accepts remote commands via Firebase. The campaign leverages social engineering, offline installation techniques, and legitimate platforms (YouTube, GitHub, Firebase) to evade detection and scale distribution. McAfee reported the apps and repositories to the platform owners, and its mobile security product detects the threat.
