Microsoft identified a campaign luring Indian Android users into installing trojanized banking applications that deliver an information stealer. The threat actor, not yet identified, relies on elaborate social engineering over WhatsApp and Telegram. Beyond dropping a trojan, the malicious applications impersonate legitimate Indian banking services and, on launch, present a fake know-your-customer (KYC) flow that lets the threat actor harvest the victims' personally identifiable information at the very start of the attack chain. Further compromise follows from the permissions users grant the app over device data, including SMS and storage access.
Clipeus
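The permission pattern described above (a banking-themed app that asks for SMS and storage access) is something a defender can screen for when triaging APKs. The following is an added example, not tooling from Microsoft or from the report's source: it parses a constructed AndroidManifest.xml, collects the requested permissions, and flags the SMS-plus-storage combination. The package name, label and permission sets are assumptions chosen for illustration.

```python
"""Flag Android manifests that request SMS and shared-storage access.

Hypothetical triage helper written for this page; the sample manifests below
are constructed and do not come from any real malware sample.
"""
import xml.etree.ElementTree as ET

# Android attributes such as android:name live in this XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions that let an app read or intercept SMS (one-time passcodes
# among them) or browse shared storage. A self-described banking/KYC app
# requesting both deserves a closer look. (Assumed watchlist.)
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
STORAGE_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed manifest mimicking a fake "bank" app (hypothetical package name).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="Example Bank KYC"/>
</manifest>
"""

# Constructed manifest for a benign app that only needs network access.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Example Weather"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    # <uses-permission> itself is un-namespaced; only its android:name is.
    return {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}


def triage(manifest_xml: str) -> dict:
    """Summarise SMS/storage permission requests for one manifest.

    'suspicious' is True when the app asks for at least one SMS permission
    and at least one shared-storage permission, the combination that lets
    the stealer described above read messages and files on the device.
    """
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    sms = sorted(perms & SMS_PERMISSIONS)
    storage = sorted(perms & STORAGE_PERMISSIONS)
    return {
        "package": root.get("package"),
        "sms": sms,
        "storage": storage,
        "suspicious": bool(sms) and bool(storage),
    }


if __name__ == "__main__":
    for label, manifest in (("fake bank", SAMPLE_MANIFEST),
                            ("weather", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

In practice the manifest is pulled out of an APK (it is stored in binary XML inside the archive, so a decoder such as apktool or androguard is needed first); the logic above then runs unchanged on the decoded text. The check is a triage signal, not a verdict: legitimate apps sometimes hold SMS permissions, so a hit should route the sample to review rather than block it outright.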