Smishing at Its Best – Indian Banks’ Clients Beware

Cybercrime is on the rise and has reached new heights in 2022. Threat actors have created new techniques to increase the likelihood of a successful attack, as recently witnessed with Twitter’s phishing campaign. Now, a new threat is looming over the Indian region, targeting big names in the banking industry.

It all starts with a text message with an embedded link. Yes, Indian bank customers are targeted with a massive Smishing attack that ends up injecting one of many dangerous malware variants.

The campaign is massive, especially due to the fact that it allows the threat actors to harvest personally identifiable information, including credit card information. You must be asking: What malware is distributed? What banks are the cybercriminals targeting? Find out below.

Indian Banks Smishing – It Only Takes One Click

Whether it’s normal phishing or Smishing, the fabrication of real logos, names, and affiliated brands is always used to add a greater sense of legitimacy to the scam.

And with the abilities cybercriminals now have, it’ll be so easy to pull off. In fact, a while ago, attackers used none other than Verizon to trick users into submitting their personal information.

They mimicked the logo using math symbols and other characters so that it looks legit and real. In other words, they’re always ready to go all out to guarantee higher success rates.

Now, the new phishing campaign is targeting bank customers in India, particularly those of Axis Bank, ICICI Bank, and the State Bank of India (SBI), among others.

The attack is as dangerous as others, if not more so, as it hosts several malware families. As a matter of fact, the attackers are spreading five different malware families among banking users in India, namely Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.

As mentioned, this is a Smishing attack, which involves an SMS with a link for the users to click on. Once they do, it’ll redirect them to a fake website where they’re prompted to submit personal information.

Malware Phishing Site
Source: Trend Micro

As seen in the images above, the fake deal is to get a tax refund or gain credit card reward points. To do so, the users should enter personal information as well as credit card details. And we all know what happens next.

The Threat that Stands Out

So far, the Elibomi malware is taking control of this attack. Although old in terms of existence, this malware has evolved over the years.

With new capabilities, Elibomi (now Drinik) can execute several commands on the victims’ devices while masking its presence with elevated evasion techniques. According to researchers:

“Elibomi implements an overlay by adding a view to the current window as an evasion technique from users, instead of having an overlay on other apps such as bank applications to steal users’ credentials.”

Elibomi Malware

The same goes for FakeReward and AxBanker banking trojans. Once the users install them, they’ll ask for permission to access SMS messages and notifications.

As a result, the threat actors will start performing their malicious practices. They’ll harvest everything the user receives and anything he/she submits.
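A defender-side triage for the permission pattern described above, as an added example that is not from the original article or from Trend Micro: it reads a decoded AndroidManifest.xml (for instance, one produced by apktool) and flags an app that declares both SMS access and a notification listener service. The sample manifest, package name and function name are constructed for illustration, and the combination is a triage signal rather than proof of malice.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"


def triage_manifest(manifest_xml: str) -> dict:
    """Report SMS and notification access declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    sms = sorted(requested & SMS_PERMS)
    # Notification access is not a <uses-permission>: the app declares a service
    # guarded by BIND_NOTIFICATION_LISTENER_SERVICE, which the user then enables.
    listeners = sorted(
        s.get(NAME, "") for s in root.iter("service")
        if s.get(PERMISSION) == NOTIF_BIND
    )
    return {
        "package": root.get("package"),
        "sms_permissions": sms,
        "notification_listeners": listeners,
        "flag": bool(sms) and bool(listeners),  # both channels requested
    }


# Constructed sample: a "rewards" app asking for SMS and notification access.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.rewards">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application>
        <service android:name=".NotifyService"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    </application>
</manifest>
""".strip()

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```
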

Trend Micro stated that this campaign didn’t target any country outside India, yet. Unfortunately, the country itself is seeing a lot of similar attacks that have adopted near-perfect evasion techniques.

Indian Banks at Risk – A Massive Smishing Campaign

Just like other phishing campaigns, the victims head to fake websites where they download malicious applications. In this particular attack, the threat actors are reusing the brand logos to increase its legitimacy.

All we can say is that bank clients should remain vigilant when they receive such text messages. At least, they’ll avoid being tricked into downloading malware that steals their private information.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.
