Summary: A significant malicious campaign named FatBoyPanel has been uncovered by Zimperium, targeting Android users in India to steal personal and banking information through over 1,000 malicious applications. The campaign uniquely utilizes live phone numbers for OTP theft, and it is attributed to a single threat actor who has compromised an estimated 50,000 users so far. Key details include the exploitation of SMS permissions to intercept messages and the use of poorly secured Firebase databases for data storage.
Affected: Android users in India
Key points:
- FatBoyPanel campaign employs live phone numbers for redirecting text messages instead of traditional C&C servers.
- More than 220 publicly accessible Firebase storage buckets were discovered, containing sensitive user information.
- The malware utilizes stealth techniques to persist on devices and exfiltrates sensitive data through hard-coded phone numbers.
Source: https://www.securityweek.com/1000-apps-used-in-malicious-campaign-targeting-android-users-in-india/