Cybersecurity experts have uncovered a novel danger: malicious software specifically designed to pilfer banking credentials through WhatsApp*. Once cybercriminals seize command of Android devices, they gain extensive privileges to users’ private information, as reported by borncity.com.
The perpetrators employed a strategy of mass distribution for a deceptive application, purportedly aimed at updating information as part of Know Your Customer (KYC) protocols, disseminated via the widely used messaging platform. During the initial infection phase, malware is installed on the mobile device, cloaking itself as a legitimate banking application. Encryption is utilized to conceal the program’s malevolent intent.
Upon launch, the application solicits permissions for accessing SMS messages, managing the phone, and utilizing VPN services. This affords the cybercriminals the capability to harvest phone numbers and bank card details. By intercepting text messages, the fraudsters can capture one-time verification codes, effectively circumventing two-factor authentication safeguards. Furthermore, the program enables the execution of inquiries regarding account balances and the configuration of call forwarding.
Experts strongly urge users to refrain from installing any software downloaded from unverified sources or received directly through messaging applications. It is also paramount to routinely monitor one’s smartphone for any unauthorized call forwarding setup and to conduct thorough virus scans.
About the Author
