
Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto

ID: 8483e816-0948-5a31-b214-cf2e47ae2b33

STIX ID: report--8483e816-0948-5a31-b214-cf2e47ae2b33

Feed Name: McAfee Labs Blog

Threat Score: 70/100

Date Published: 2025-08-04

Date Updated: 2026-04-28

Author: McAfee Labs

McAfee Mobile Research details an Android malware campaign targeting Hindi-speaking users, primarily in India. Phishing sites impersonating banks lure victims into installing a dropper APK. The dropper dynamically loads a second-stage payload that harvests cardholder data and, upon receiving specific Firebase Cloud Messaging commands, executes a Monero mining binary (XMRig-compatible) in the background. The report provides technical analysis of the two-stage loader and of the execution of an encrypted native miner, telemetry showing infections concentrated in India, a set of IOCs (APK hashes, phishing URLs, FCM account), and user-focused mitigation guidance.
