Shielding Against Android Phishing in Indian Banking

ID: 4a5cfa84-e74e-568f-9aeb-c649dca5a621

STIX ID: report--4a5cfa84-e74e-568f-9aeb-c649dca5a621

Feed Name: McAfee Labs Blog

Threat Score: 70/100

Date Published: 2023-12-20

Date Updated: 2026-04-28

Author: McAfee Labs

This report analyzes Android/Banker.AFX, a banking trojan distributed via WhatsApp lures that presents a fake KYC app to Indian users. The app collects PII (name, DOB, Aadhaar, PAN, CIF, account and card details), requests SMS read permission to intercept OTPs, and exfiltrates data using Firebase (wss://s-usc1a-nss-2003.firebaseio.com). The blog provides static analysis (permissions, package hello.uwer.hello.hello.google.is.the.best), sample hashes, telemetry (McAfee detections), indicators of compromise, and recommended mitigations such as avoiding third-party APKs and using mobile security solutions.
