State Bank of India, ICICI, HDFC, Axis Bank and Punjab National Bank (PNB) customers have been warned about a serious security flaw. According to a recent report, cybercriminals are trying to lure Indian users into disclosing important personal information using the mobile apps of the aforementioned banks. The report suggests that suspicious messages prompted users to submit an application for disbursement of an income tax refund.
The cybercriminals attach to these messages a link that looks like an income tax e-filing web page. Users believe that following it could benefit them, and the hackers take advantage of this to extract information from them. The banking apps that have been targeted include State Bank of India (SBI), ICICI, HDFC, Axis Bank and Punjab National Bank (PNB).
The report further claims that the links belong to the US and France, giving a hint at the location of these hackers. It also says that the campaign is collecting personal as well as banking information from users, and that users are likely to suffer a huge financial loss from this type of trap.
Furthermore, the report claims that all IP addresses associated with the campaign belong to third-party cloud hosting providers. The entire campaign uses plain HTTP instead of secure HTTP (HTTPS). This means that anyone on the network or the Internet can intercept the traffic and obtain confidential information in plain text to misuse against the victim.
How does it work?
Using malware in these banking apps, the hackers ask users to download an application from a third-party source instead of the Google Play Store. This application then asks to be granted all administrator rights and unnecessary access to the device. When the link is opened, ITR users are redirected to a landing page that looks similar to the official government income tax e-filing website.
Users are then asked to click on the green button and proceed to the verification steps. They are asked to submit personal information such as their full name, PAN number, Aadhaar number, address, PIN code, date of birth, mobile number, email address, gender, marital status and banking information. Apart from this, they are also asked to fill in details such as account number, IFSC code, card number, expiration date, CVV and card PIN. All of this information is transferred directly to the cybercriminals.