Aman Mishra
2025-02-06 04:02:00
gbhackers.com
A sophisticated malware campaign, dubbed “FatBoyPanel,” has been uncovered by cybersecurity researchers, targeting users of Indian banks.
This campaign, consisting of nearly 900 malware samples, is designed to steal sensitive financial and personal information, including Aadhaar numbers, PAN cards, ATM PINs, and credit card details.
The malware primarily exploits Android devices and poses a significant threat to digital banking security in India.
How the Malware Operates
The malware is distributed via WhatsApp as APK files that masquerade as legitimate government or banking applications.
Once installed, these malicious apps mimic the user interface of real banking apps to deceive users into providing sensitive information.
Key details targeted include Aadhaar and PAN numbers, credit and debit card credentials, ATM PINs, and mobile banking login details.


One of the malware’s most alarming features is its ability to exploit SMS permissions on compromised devices.
It intercepts and exfiltrates one-time passwords (OTPs) and other sensitive messages, enabling unauthorized transactions.
The malware employs advanced stealth techniques to hide its presence and resist uninstallation, ensuring persistence on infected devices.
Variants and Data Exposure
The FatBoyPanel malware family includes three distinct variants:
- SMS Forwarding: Captures SMS messages and forwards them to attacker-controlled phone numbers.
- Firebase Exfiltration: Sends stolen SMS data to Firebase endpoints acting as command-and-control (C&C) servers.
- Hybrid: Combines both methods for data exfiltration.
Researchers identified over 1,000 malicious applications linked to this campaign.
These apps use techniques like code obfuscation to evade detection and make reverse engineering challenging.
Alarmingly, data exfiltrated through Firebase endpoints was found to be publicly accessible due to a lack of authentication mechanisms.
This exposed sensitive information of approximately 50,000 users, including bank account details and government-issued IDs.
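A triage heuristic for the three variants listed above, written as an added example (it is not Zimperium's detection logic or code from the campaign). It assumes the APK's manifest has already been decoded to text XML and its strings extracted; the permission-to-variant mapping, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Host patterns used by Firebase Realtime Database URLs.
FIREBASE_RE = re.compile(
    r"https://[a-z0-9-]+\.(?:firebaseio\.com|[a-z0-9-]+\.firebasedatabase\.app)", re.I)
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_SEND = "android.permission.SEND_SMS"


def requested_permissions(manifest_xml):
    """Return the set of permissions declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def triage(manifest_xml, app_strings):
    """Map an app's SMS capabilities onto the three variants named above.

    Assumed heuristic: an app that can read incoming SMS and also send SMS
    is capable of forwarding; one that can read SMS and embeds a Firebase
    database URL is capable of Firebase exfiltration. A match is a reason
    to review the app, not a verdict.
    """
    perms = requested_permissions(manifest_xml)
    reads_sms = bool(perms & SMS_READ)
    forwards = reads_sms and SMS_SEND in perms
    endpoints = sorted({m.group(0).lower() for s in app_strings
                        for m in FIREBASE_RE.finditer(s)})
    firebase = reads_sms and bool(endpoints)
    if forwards and firebase:
        label = "hybrid"
    elif forwards:
        label = "sms-forwarding"
    elif firebase:
        label = "firebase-exfiltration"
    else:
        label = "no-match"
    return {"label": label, "firebase_endpoints": endpoints}


def _manifest(*perms):  # builds constructed sample input, not from any real APK
    tags = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{tags}</manifest>')

SAMPLE_FORWARDER = _manifest("RECEIVE_SMS", "SEND_SMS", "INTERNET")
SAMPLE_FIREBASE = _manifest("READ_SMS", "INTERNET")
SAMPLE_STRINGS = ["https://constructed-demo.firebaseio.com/sms.json"]  # constructed
```

Legitimate messaging apps also request these permissions, so the result is best combined with the install source, since the article describes these apps arriving as APK files over WhatsApp.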


Zimperium's analysis of the attackers’ phone numbers revealed that most were registered in regions such as West Bengal, Bihar, and Jharkhand.
The campaign also impersonated several prominent Indian banks by replicating their app icons and interfaces to enhance credibility.
To mitigate risks:
- Users should download banking apps only from official app stores.
- Multi-factor authentication (MFA), such as biometric verification or OTPs, should be enabled for added security.
- Avoid clicking on suspicious links or installing APK files from unknown sources.
The increasing reliance on digital payments in India underscores the importance of robust cybersecurity measures.
Both individuals and institutions must remain vigilant against evolving threats like the FatBoyPanel campaign to safeguard financial data effectively.