YouTube player

Security researchers have uncovered a malware campaign to steal sensitive information from Android smartphone users in India. This is Edwin Kwan from Sydney Australia. Microsoft threat intelligence researchers said that the campaign is using social media platforms like WhatsApps and Telegram to lure users into installing a malicious app by impersonating legitimate organisations, such as banks, government services and utilities. The malicious app is presented as banking apps and the attackers would induce a sense of urgency in the users, such as claiming that their bank accounts will be blocked unless they update their permanent account number (PAN) issued by the Indian Income Tax Department on the app that they are sharing via social media. The campaign’s goal is  to steal banking information, payment card information, account credentials and other personal data. Upon installing the app, the user is urged to enter those information, which will be send to the attacker’s server. This is another reminder to only download app from trusted sources, such as Google Play, and to check the legitimacy of the app developers, scrutinise reviews and review the permissions requested by the app.

This segment was created for the It’s 5:05 podcast