Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers

Home/Internet Security, malicious cyber actors, Malicious extension, Malware, Mobile Security, Security Advisory, Security Update/Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers

Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers

Trend Micro researchers observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link.

The SMS content urges the victims to open the embedded phishing link or malicious app download page and follow the instructions: To fill in their personally identifiable information (PII) and credit card details to allegedly get a tax refund or credit card reward points. As of this writing, Trend Micro observed five banking malware families involved in these attacks, namely Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.

Elibomi, first documented by McAfee in September 2021, is engineered to steal personal data, take screenshots, and even capture the lock screen code or pattern by abusing Android’s accessibility API permissions, enabling it to seize control of the compromised devices.

The apps themselves are delivered through phishing websites with domain names similar to that of their legitimate counterparts, in addition to reusing the brand logos to increase the likelihood of a successful attack and trick the user into downloading the malicious app to get “instant reward points.”

The similarity in stolen data and phishing themes notwithstanding, Trend Micro said there is no concrete evidence tying all these malware families to a single threat actor.

Trend Micro researchers analyzed that the bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers. Common among these routines include the abuse of the legitimate banks’ logos, names, and affiliated brands and services to convince victims that their respective phishing sites are affiliated. 

Trend Micro Solutions

Users can follow the below trendmicro solutions

Trend Micro Mobile Security Solutions can scan mobile devices in real time and on demand to detect malicious apps, sites, or malware to block or delete them. These solutions are available on Android and iOS, and can protect users’ devices and help them minimize the threats brought by these fraudulent applications and websites


 0eda2c0b96aa1e482760d47c25b8bcd033f1ad028885e8b276878b429b6c80f9    Elibomi malware                             AndroidOS_Elibomi       
 1240870ae35a18d53287b89f300cafec31e6c2a4962faba4c467c587b24d445b    Elibomi malware                             AndroidOS_Elibomi               
 12b47e5b7f6cc7371c7a243ae0d58cf7b7391e0a471a4365d03b7db9e45a5dd8    Elibomi malware                             AndroidOS_Elibomi               
 1e7df4ba8b45253bae2f419e831089a9cc776032d6c7175d45fc3db45687b19d    Additional payload installed by Elibomi     AndroidOS_Elibomi       
 289469ac20602f3acfc528b34f9b085c08697b69c745891f14f66d39b41dea0b    Elibomi malware                             AndroidOS_Elibomi                 
 40b469c6e7176101abb3d114c689fe0b3cc244292bcbc0658174337596caf1a9    Elibomi malware                             AndroidOS_Elibomi                 
 5c9dd64dd4ee534d4d9e2faa1b43eabc04336530a7ec81d2579fa33f27bf1356       Elibomi malware                 AndroidOS_Elibomi
 7d3d5f16ae9c4d9efd33714731bbea8e0188b5021e3845ceef1b48f9b23b8bb0    Elibomi malware                             AndroidOS_Elibomi     
 7e4e88db5aa46a5fa7d9eb4ec17c9451dd53a4bd68cae59d0b5da3e1e93a373c    Elibomi malware                             AndroidOS_Elibomi           
 87325f5be4c9d736ac5538d5a8f0c35e4724728e9cccf9f2f5b3115e223b4922    Additional payload installed by Elibomi     AndroidOS_Elibomi             
 a389911dcba6afa54a1977657a17292ec1a8e3f49ee3726600725f4200ca7960    Elibomi malware                             AndroidOS_Elibomi               
 a444b4264d141e5dfb4547b87f36444ae85e54b51e73e6814a63d4ca30a0673e    Elibomi malware                             AndroidOS_Elibomi           
 b91f82459d599afc32c12a371588fdeb3c709fe402f7ae383c3828338f6028d3    Additional payload installed by Elibomi     AndroidOS_Elibomi             
 d4b7e0a6a8f86b52214e584f75291cc5f6b77e0b790170b0fad13b2fbbfef7af       Elibomi malware                 AndroidOS_Elibomi
 d832cd08d46db8af42ca7136401da8dd751d6e5be9339e0b040d0e0d134bc7d8    Elibomi malware                             AndroidOS_Elibomi               
 df863dcb5f08e11bb3776f2a72aff7e691738621a8d989495ff4876cc9efa770    Elibomi malware                             AndroidOS_Elibomi   
                                                                                                                                          Backend server                                                                                                                Backend server                                                                                                                Backend server                                                                                                                Phishing link                                                                                 Phishing link
 hxxp://     Phishing link                                                                                     Command and control (C&C) link                                                                    Download link of additional payload                                                               Download link of additional payload                                                               
 http://gia.3utilities.com/iaserver.php        Command and control (C&C) link   

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!