The McAfee Mobile Research Team discovered a new Android banking trojan that is targeting Indian users, posing as important services, such as banking and utility apps.
The malware is made to appear as an app for paying gas bills, and asks the user for personal and financial information.
The malware infected 419 devices, intercepted 4,918 SMS messages, and stole 623 entries of card or bank-related personal information, according to McAfee.
The malware uses social engineering tactics to trick users into installing a malicious APK, mainly via messaging platforms like WhatsApp.
The malware exposed a number of records in Supabase, an open-source database service; these records store information on 4,918 SMS messages and 623 entries of card- and bank-related personal data.
Investigation of the database records revealed eight unique package prefixes that can describe the focus areas of the malware, and at least two different scam variants within them.
The malware author uses an app to manage the C2 infrastructure via a mobile device, which can send commands to forward messages from victims' active phones.
Users should be wary of text messages from people they don't know and update their apps for protection against new types of malware.
Employing McAfee Mobile Security could also provide protection against such sophisticated threats.
Indicators of Compromise (IOCs) have been released to alert those who may have been victimized.