A wave of sophisticated mobile malware is targeting Android users in India by disguising itself as legitimate banking applications. According to a late-July report from CYFIRMA’s threat intelligence team, the campaign is capable of fully compromising infected devices—stealing sensitive data, intercepting communications, and even conducting unauthorized financial transactions.
While the report does not name specific financial institutions being mimicked, it warns that the widespread adoption of mobile banking in India puts a significant portion of the population at risk.
The attack typically begins with a deceptive “dropper” app, distributed through phishing messages on WhatsApp, SMS, or email. These APK files are often disguised as system updates or official banking applications and may also be spread through malicious QR codes or cloned app stores that resemble Google Play.
Once the malware is installed, it seeks broad Android permissions that give it control over communications and system functions. This includes reading and sending SMS messages and intercepting two-factor authentication codes.
What makes this campaign especially dangerous is its ability to operate undetected. By obtaining an exemption from Android's battery optimization, which would otherwise suspend an idle background app, the malware keeps running in the background and restarts after the device reboots. It can also manipulate or hide notification content, including OTPs and banking alerts, so the victim may never see the fraud unfold.
All captured data, including authentication tokens and SMS messages, is silently forwarded to an attacker-controlled database, giving the operators remote access to highly sensitive information.
This campaign is a reminder of how Android app permissions can be abused. Many apps, even legitimate ones, request more access than they need. Users should install apps only from trusted sources (sideloading an APK received over chat or SMS requires allowing installs from unknown sources, which is itself a warning sign), treat unexpected messages that urge an installation as suspect, and review permission requests carefully before granting them; SMS access, notification access, and battery-optimization exemptions are rarely needed by a genuine banking app. In the current mobile threat landscape, vigilance remains the best defense.
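The combination of capabilities described above (SMS access, a receiver for incoming SMS, boot persistence, a battery-optimization exemption, and a notification listener) is visible in an app's decoded manifest before it ever runs. The following triage script, an added example and not code from the CYFIRMA report, scores a decoded AndroidManifest.xml for that pattern. The two manifests embedded in it are constructed for illustration, and the package and class names (`com.example.fakebank`, `.SmsReceiver`, and so on) are invented.

```python
"""Heuristic triage of a decoded AndroidManifest.xml for the capability
pattern of the campaign described above. Added example, not the report's
code. Sample manifests are constructed; package/class names are hypothetical.
"""
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in every manifest.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: roughly what `apktool d` would decode from a dropper
# posing as a bank update. Names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application android:label="Bank Update">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".BootReceiver" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
        <service android:name=".NotifService"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed contrast case: an ordinary network-only app.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Weather"/>
</manifest>
"""

SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}


def analyze_manifest(xml_text):
    """Return (findings, score) for a decoded manifest.

    Each finding names one capability the campaign relies on; the score is
    the number of distinct capabilities found. A genuine banking app should
    score 0 or 1; a high score on a sideloaded 'update' warrants rejection.
    """
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    actions = {e.get(A + "name") for e in root.iter("action")}
    findings = []

    sms_hits = perms & SMS_PERMS
    if sms_hits:
        short = sorted(p.rsplit(".", 1)[1] for p in sms_hits)
        findings.append("sms-access: " + ", ".join(short))
    if "android.provider.Telephony.SMS_RECEIVED" in actions:
        findings.append("sms-receiver: listens for incoming SMS (OTP interception)")
    if ("android.permission.RECEIVE_BOOT_COMPLETED" in perms
            and "android.intent.action.BOOT_COMPLETED" in actions):
        findings.append("boot-persistence: restarts after reboot")
    if "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms:
        findings.append("doze-exemption: asks to bypass battery optimization")
    if any(s.get(A + "permission")
           == "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
           for s in root.iter("service")):
        findings.append("notification-listener: can read and dismiss notifications")
    return findings, len(findings)


if __name__ == "__main__":
    for name, text in (("fakebank", SAMPLE_MANIFEST), ("weather", BENIGN_MANIFEST)):
        found, score = analyze_manifest(text)
        print(f"{name}: score {score}")
        for f in found:
            print("  -", f)
```

The manifest is only the declared surface; a dropper may download the real payload after install, so a low score on the first-stage APK is not a clean bill of health. The check is most useful as a hard reject rule: an app that scores four or five and arrived over WhatsApp or SMS should not be installed at all.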