Sunday, February 9, 2025
HomeCyber Security NewsBeware! Fake SBI Reward APK Attacking Users to Deliver Android Malware

Beware! Fake SBI Reward APK Attacking Users to Deliver Android Malware

Published on

SIEM as a Service

Follow Us on Google News

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups.

The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI BANK REWARD App.”

This app is represented as an Android APK file, prompting users to deposit cash into their accounts to claim the reward.

Cybersecurity analysis indicates that this campaign is a sophisticated attempt to harvest sensitive user data.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Static and Dynamic Analysis

The analysis of the Android APK named SBl REWARDZ POINT 1.apk revealed several concerning findings through both static and dynamic examination.

Fake SBI Reward APK
Android APK File

One of the primary issues identified was the request for extensive permissions that are often associated with malicious applications, such as access to SMS, contacts, and call logs.

Additionally, the investigation uncovered hardcoded URLs that direct to command-and-control servers, suggesting that the app possesses the potential to exfiltrate sensitive user information.

Notable domains linked to these activities include https://superherocloud.com and wss://socket.missyou9.in.

Furthermore, the application was found to replicate the SBI login page, aiming to deceive users into providing their credentials, which are subsequently transmitted to the malicious servers.

Network Traffic Behavior

During dynamic analysis within a controlled environment using tools like Wireshark, the APK exhibited alarming behaviors:

  • Beaconing Activity: The application established persistent communication with remote servers, sending detailed device information, including mobile ID and SIM details.
  • Data Exfiltration: Upon capturing user credentials, the app transmitted this data to the identified malicious endpoints, posing a significant risk of financial theft.

This phishing attempt underscores the critical need for heightened cybersecurity awareness among users.

Fake SBI Reward APK
Virus Total scan result

According to the Malware Analysis, the campaign’s reliance on trust and urgency makes it particularly effective.

Users are urged to remain alert to suspicious messages and to adopt best practices in cybersecurity hygiene, such as:

  • Avoid the installation of apps from unverified sources.
  • Regularly monitoring bank statements for unauthorized transactions.
  • Reporting any suspicious activity to their financial institution immediately.

By fostering awareness and implementing protective measures, individuals can significantly reduce their vulnerability to such scams.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...