Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
released on 2025-02-05 @ 10:09:42 PM
A mobile malware campaign targeting Indian banks has been uncovered, comprising nearly 900 samples aimed at Android devices. The malware, distributed via WhatsApp as fake government or banking apps, steals sensitive financial and personal data, including Aadhaar and PAN card details, credit card information, and banking credentials. It intercepts SMS messages, including OTPs, to facilitate unauthorized transactions. The malware comes in three variants: SMS forwarding, Firebase exfiltration, and a hybrid of the two. Over 222 exposed Firebase storage buckets contained 2.5 GB of stolen data from an estimated 50,000 users. Phone numbers used by the malware were traced to West Bengal, Bihar, and Jharkhand. The campaign impersonates various Indian banks and government schemes to increase its reach.