Massive Indian Mobile Banking Heist Uncovered: FatBoyPanel’s Trojan Network Exposes 50,000 Users’ Data

Summary: zLabs has revealed a widespread mobile banking malware operation, named FatBoyPanel, that targets users of Indian financial institutions and has affected around 50,000 individuals. The campaign relies on SMS interception and Firebase misconfigurations to exfiltrate sensitive information, and represents one of India’s largest mobile banking breaches. Key weaknesses include the distribution of deceptive APK files and a lack of security on exposed data storage, which lets attackers access critical user information easily.

Affected: Indian financial institutions, mobile banking users

Key points:

  • Nearly 900 distinct malware samples targeting Indian banking users.
  • 2.5GB of sensitive data, including bank account details and government IDs, exposed due to misconfigured Firebase storage.
  • Employs live phone number redirection to intercept OTP messages in real time.
  • Malware variants identified: SMS Forwarding, Firebase-Exfiltration, and Hybrid.
  • Exploitation of trust in legitimate bank and government apps to enhance phishing effectiveness.

Source: https://securityonline.info/massive-indian-mobile-banking-heist-uncovered-fatboypanels-trojan-network-exposes-50000-users-data/