Date: 12/13/2024
Severity: Medium
Summary
"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India" discusses the discovery of a new Android banking trojan targeting Indian users, identified by the McAfee Mobile Research Team. The malware disguises itself as a utility or banking app, such as a gas or electricity service, in order to steal sensitive information. It exploits the urgency of utility-related messages, such as warnings about service disconnection, to pressure users into acting quickly. So far it has infected 419 devices, intercepted nearly 5,000 SMS messages, and stolen over 600 pieces of bank-related personal information. McAfee Mobile Security detects the threat as Android/Banker, and these numbers are expected to rise as the campaigns continue.
Indicators of Compromise (IOC) List
URL/Domain:
https://luyagyrvyytczgjxwhuv.supabase.co
https://call-forwarder-1-default-rtdb.firebaseio.com
Hash (SHA-256):
b7209653e226c798ca29343912cf21f22b7deea4876a8cadb88803541988e941
7cf38f25c22d08b863e97fd1126b7af1ef0fcc4ca5f46c2384610267c5e61e99
745f32ef020ab34fdab70dfb27d8a975b03e030f951a9f57690200ce134922b8
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (URL/Domain IOCs):
userdomainname like "https://luyagyrvyytczgjxwhuv.supabase.co" or url like "https://luyagyrvyytczgjxwhuv.supabase.co" or userdomainname like "https://call-forwarder-1-default-rtdb.firebaseio.com" or url like "https://call-forwarder-1-default-rtdb.firebaseio.com"
Detection Query 2 (Hash IOCs):
sha256hash IN ("745f32ef020ab34fdab70dfb27d8a975b03e030f951a9f57690200ce134922b8","7cf38f25c22d08b863e97fd1126b7af1ef0fcc4ca5f46c2384610267c5e61e99","b7209653e226c798ca29343912cf21f22b7deea4876a8cadb88803541988e941")
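The same two checks as an added, stand-alone Python example (not from the advisory or from Gurucul): it matches the advisory's URL/Domain IOCs by hostname, so a record that carries only the host or a full URL with a path still hits, and compares SHA-256 values case-insensitively. The event field names (url, userdomainname, sha256hash) mirror the queries above; the sample events are constructed.

```python
from urllib.parse import urlparse

# IOCs from the advisory above.
IOC_URLS = [
    "https://luyagyrvyytczgjxwhuv.supabase.co",
    "https://call-forwarder-1-default-rtdb.firebaseio.com",
]
IOC_SHA256 = {
    "b7209653e226c798ca29343912cf21f22b7deea4876a8cadb88803541988e941",
    "7cf38f25c22d08b863e97fd1126b7af1ef0fcc4ca5f46c2384610267c5e61e99",
    "745f32ef020ab34fdab70dfb27d8a975b03e030f951a9f57690200ce134922b8",
}
# Match on hostname rather than the full URL string, so a log that records
# only the host, or a URL with a path under it, is still caught.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}


def host_of(value):
    """Lowercase hostname from a URL or bare host; None if nothing parses."""
    value = value.strip().lower()
    if "://" not in value:
        value = "//" + value  # make urlparse treat a bare host as the netloc
    return urlparse(value).hostname


def match_event(event):
    """Return the IOCs hit by one event dict (field names are constructed)."""
    hits = []
    for field in ("url", "userdomainname"):
        host = host_of(event.get(field, ""))
        if host and host in IOC_HOSTS:
            hits.append(("domain", host))
    digest = event.get("sha256hash", "").strip().lower()
    if digest in IOC_SHA256:
        hits.append(("sha256", digest))
    return hits


def scan(events):
    """Return [(index, hits)] for every event that matched at least one IOC."""
    results = []
    for i, event in enumerate(events):
        hits = match_event(event)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample events, not taken from the advisory.
SAMPLE_EVENTS = [
    {"url": "https://luyagyrvyytczgjxwhuv.supabase.co/rest/v1/data"},
    {"userdomainname": "call-forwarder-1-default-rtdb.firebaseio.com"},
    {"sha256hash": "B7209653E226C798CA29343912CF21F22B7DEEA4876A8CADB88803541988E941"},
    {"url": "https://example.com/", "sha256hash": "0" * 64},
]
```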
Reference:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/