A New Android Banking Trojan Masquerades as Utility and Banking Apps in India
ID: c03ab955-528e-5747-b570-d883a5f4f796
STIX ID: report--c03ab955-528e-5747-b570-d883a5f4f796
Feed Name: McAfee Labs Blog
McAfee Mobile Research identified an Android banking trojan campaign targeting Indian users. The trojan impersonates utility and banking apps, is distributed via WhatsApp and phishing, and harvests SMS messages and financial credentials, which it exfiltrates to a Supabase instance using a hard-coded JWT. Investigators recovered 5,558 records (4,918 SMS and 623 card/bank entries) and found 419 infected devices, multiple package variants, APK SHA256s, a Supabase domain and a Firebase Realtime Database used for C2 management.
