Fake Android Money Transfer App Targeting Bengali-Speaking Users

McAfee Mobile Research identified an active Android malware campaign targeting Bengali-speaking expatriates by posing as popular remittance apps (e.g., TapTap Send, AlimaPay). Distributed via phishing sites and fake Facebook pages, the malicious app collects personal details, photo IDs, credentials, and payment data through multi-step registration flows and transmits them to a command-and-control server whose directory listing is publicly accessible; telemetry shows infections across countries with large Bangladeshi populations, and McAfee detects the threat as Android/FakeApp.