Beware! Fake SBI Reward APK Attacking Users to Deliver Android Malware

A recent phishing campaign has targeted customers of SBI Bank through a deceptive message circulating in WhatsApp groups.

The message falsely claims that the recipient’s SBI reward points, amounting to Rs 9,980, will expire unless they download a purported “SBI BANK REWARD App.”

This app is represented as an Android APK file, prompting users to deposit cash into their accounts to claim the reward.

Cybersecurity analysis indicates that this campaign is a sophisticated attempt to harvest sensitive user data.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Static and Dynamic Analysis

The analysis of the Android APK named SBl REWARDZ POINT 1.apk revealed several concerning findings through both static and dynamic examination.

One of the primary issues identified was the request for extensive permissions that are often associated with malicious applications, such as access to SMS, contacts, and call logs.

Additionally, the investigation uncovered hardcoded URLs that direct to command-and-control servers, suggesting that the app possesses the potential to exfiltrate sensitive user information.

Notable domains linked to these activities include https://superherocloud.com and wss://socket.missyou9.in.

Furthermore, the application was found to replicate the SBI login page, aiming to deceive users into providing their credentials, which are subsequently transmitted to the malicious servers.

Network Traffic Behavior

During dynamic analysis within a controlled environment using tools like Wireshark, the APK exhibited alarming behaviors:

• Beaconing Activity: The application established persistent communication with remote servers, sending detailed device information, including mobile ID and SIM details.
• Data Exfiltration: Upon capturing user credentials, the app transmitted this data to the identified malicious endpoints, posing a significant risk of financial theft.

This phishing attempt underscores the critical need for heightened cybersecurity awareness among users.

According to the Malware Analysis, the campaign’s reliance on trust and urgency makes it particularly effective.

Users are urged to remain alert to suspicious messages and to adopt best practices in cybersecurity hygiene, such as:

• Avoid the installation of apps from unverified sources.
• Regularly monitoring bank statements for unauthorized transactions.
• Reporting any suspicious activity to their financial institution immediately.

By fostering awareness and implementing protective measures, individuals can significantly reduce their vulnerability to such scams.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar