Fifty thousand Android device users across India are believed to have had their personal and banking details compromised in a sweeping FatBoyPanel malware campaign, according to SecurityWeek. A single threat actor leveraged over 1,000 malicious apps and nearly 1,000 phone numbers to deploy about 900 malware samples with similar code and user interfaces, primarily aimed at banking app users, a Zimperium report showed. Hard-coded phone numbers in the apps also enabled OTP and SMS exfiltration. "The malware exploits SMS permissions to intercept and exfiltrate messages, including OTPs, facilitating unauthorized transactions. Additionally, it employs stealth techniques to hide its icon and resist uninstallation, ensuring persistence on the compromised devices," said Zimperium researchers, who discovered 2.5 GB of data within more than 220 internet-exposed Firebase storage buckets used in the coordinated attack campaign, which was found to have been operated by several users.
Malware, Application security, Threat Intelligence
Widespread Android malware campaign hits India
