Mobile Banking Trojans Target Users in India via IM Apps
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Microsoft Threat Intelligence researchers have identified new mobile banking trojan campaigns targeting users in India. Distributed primarily through platforms like WhatsApp and Telegram, they impersonate legitimate entities like banks, utilities, and governments to lure victims into installing the malicious apps on their mobile devices.
Once installed, the fake apps steal sensitive information from the victims, including personal details, payment card information, banking details, and account credentials.
In a recent advisory, Microsoft disclosed a shift in the threat actors’ tactics, techniques, and procedures (TTPs). Instead of the usual technique of sharing malicious links, the new campaign distributes malicious APK files directly to Indian mobile users through instant messaging (IM) apps.
The current investigation focuses on two different fraudulent applications disguised as Indian banking apps.
The first, distributed via WhatsApp, is a phishing campaign disguised as a legitimate bank’s KYC (Know Your Customer) application. It is designed to steal users’ sensitive information, such as debit card details and bank account credentials. The collected data is then exfiltrated to an attacker-controlled command-and-control (C2) server and phone number.
The app can also run undetected in the background while hiding its icon from the home screen. It even tricks the user into granting dangerous permissions such as launcher activity and “send and receive SMS”.
The second is a fake banking application that tricks users into sharing payment card details, exposing them to financial fraud. The targeted information in this instance includes personal details, payment card and other financial information; the app also intercepts and steals one-time passwords (OTPs).
The technology giant went on to reveal the existence of similar malicious applications targeting Indian users. “Like the two cases discussed above, these campaigns involve sharing the fraudulent apps through WhatsApp and Telegram, and possibly other social media platforms. Moreover, these campaigns select legitimate and even well-known institutions and services in the region to imitate and lure users into a false sense of security,” Microsoft revealed.
It also advised users to install apps exclusively from official stores, to stay vigilant and avoid clicking on unknown links, and to use mobile security solutions.
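The behaviour described above (an APK received over an IM chat that asks for SMS send/receive permissions and registers a launcher activity) is something a defender can check statically before anything is installed. The following Python script is an added example written for this article, not code from Microsoft or the campaign: it parses an AndroidManifest.xml, reports the SMS permissions and an incoming-SMS broadcast receiver (which an OTP interceptor needs), and returns a simple risk verdict. The manifest embedded in it is constructed for illustration; the permission list and verdict thresholds are the reviewer’s own assumptions, not an official rule.

```python
"""Triage an Android manifest for the permission pattern the advisory
describes: SMS send/receive plus a launcher activity.

Added example for this article. SAMPLE_MANIFEST is a constructed stand-in,
not a sample from the campaign; SMS_PERMISSIONS and the verdict rules are
assumptions of this script, not an official detection signature.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"  # ElementTree key for android:name

# Permissions that let an app read, receive or send SMS (and so intercept OTPs).
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed manifest resembling a fake "KYC update" app (not real malware).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakekyc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="KYC Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the SMS-related declarations found in a manifest and a verdict."""
    root = ET.fromstring(manifest_xml)

    requested = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    sms_permissions = sorted(requested & SMS_PERMISSIONS)

    has_launcher = any(
        cat.get(NAME_ATTR) == LAUNCHER_CATEGORY for cat in root.iter("category")
    )
    # A receiver for SMS_RECEIVED is what an app needs to read OTPs as they arrive.
    sms_receiver = any(
        act.get(NAME_ATTR) == SMS_RECEIVED_ACTION for act in root.iter("action")
    )

    findings = []
    if sms_permissions:
        findings.append("requests SMS permissions: " + ", ".join(sms_permissions))
    if sms_receiver:
        findings.append("registers a broadcast receiver for incoming SMS")
    if has_launcher and sms_permissions:
        findings.append("launcher activity plus SMS access: "
                        "can hide its icon after first launch and keep reading SMS")

    # Assumed thresholds: SMS permission plus an SMS receiver is the OTP-theft
    # pattern; SMS permission alone is suspicious in a sideloaded banking app.
    if sms_permissions and sms_receiver:
        verdict = "high"
    elif sms_permissions:
        verdict = "medium"
    else:
        verdict = "low"

    return {
        "package": root.get("package"),
        "sms_permissions": sms_permissions,
        "has_launcher": has_launcher,
        "sms_receiver": sms_receiver,
        "findings": findings,
        "verdict": verdict,
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(f"{report['package']}: verdict={report['verdict']}")
    for line in report["findings"]:
        print(" -", line)
```

To use it on a real APK, extract the manifest first (for example with apktool or aapt) and pass the decoded XML to `triage_manifest`; a “high” verdict on an app that arrived through a chat message rather than an official store is a strong reason not to install it.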
Personal Data of Over 184K People Stolen From AutoZone
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
AutoZone, a leading American automotive parts company, disclosed that it was a victim of the June 2023 attack in which the Cl0p ransomware group exploited a MOVEit zero-day vulnerability. In individual notices, potentially affected people were warned about the exposure of their personal information.
According to the notification, the company suffered an indirect breach in which unauthorized attackers accessed the sensitive information of around 184,995 people.
“AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application,” the notice said.
It went on to say that the exfiltration of data was confirmed on or around August 15, 2023, after which the company investigated the incident with the help of third-party security experts.
After three months of investigation, it was able to determine the types of data stolen and the number of affected individuals. The notification itself, however, gave no details about the stolen information; the types of data (names and other personal identifiers combined with Social Security numbers) were only specified in the company’s filing with the Office of the Maine Attorney General.
AutoZone said it has implemented the needed remediation measures, including 12 months of complimentary identity theft protection for affected individuals. It also advised them to remain vigilant and to report any suspicious activity or fraud to the relevant authorities.
The May 2023 attack has already claimed millions of victims and impacted over two thousand organizations worldwide, resulting in several instances of extortion and stolen-data leaks. Prominent companies that either found their data published or ended up paying the ransom include TomTom, Toyota, Pioneer Electronics, ING Bank, and Shell Global.