Fake banking apps are on the rise in India, as cybercriminals are using them to trick unsuspecting users into revealing their financial and personal information. These apps mimic the look and feel of legitimate banking apps, but instead of providing any real service, they collect the user’s credit or debit card details, bank account credentials, and other sensitive data.
How Fake Banking Apps Work
Fake banking apps are usually distributed through phishing messages, social media posts, or malicious websites that lure users into downloading them. The messages or posts may claim that the user can get some rewards, discounts, or cashback by installing the app and entering their card details. The websites may look like the official pages of the banks, but they are actually controlled by the hackers.
Once the user installs the fake app, it asks for various permissions, such as access to contacts, messages, calls, and notifications. It also prompts the user to enter their card details, PIN, CVV, and OTP as part of a fake verification process. The app then sends this information to a remote server, where the hackers can use it to carry out fraudulent transactions or identity theft.
Some of the fake apps also have remote access trojan (RAT) capabilities, which allow the hackers to take over the user’s device and intercept important notifications, such as those related to two-factor authentication (2FA). This way, the hackers can bypass the security measures and gain full access to the user’s bank account.
Which Banks are Affected by Fake Apps
According to a report by The Record, a cyber-security news website, there are at least 167 fake banking apps that target Android and iOS users in India. These apps impersonate some of the leading banks in the country, such as State Bank of India (SBI), ICICI Bank, Axis Bank, HDFC Bank, Yes Bank, Citi Bank, and Indian Overseas Bank.
The report also mentions that some of the fake apps are based on a malware family called Marcher, which has been active since 2013 and has evolved over time to target different banks and payment services. Another malware family called Asacub, which was originally designed to steal SMS messages, has also been modified to create fake banking apps.
The fake apps are often hard to distinguish from the real ones, as they use the same logos, colors, and layouts. However, there are some signs that can help users spot them, such as spelling errors, poor graphics, excessive permissions, and unknown sources.
How to Protect Yourself from Fake Banking Apps
The best way to avoid falling victim to fake banking apps is to be careful about what you download and install on your device. Here are some tips to follow:
- Always download banking apps from the official app stores, such as Google Play or Apple App Store, and not from third-party sources or links.
- Check the reviews, ratings, and developer information of the app before downloading it. If the app has low ratings, negative reviews, or suspicious developer names, avoid it.
- Verify the app’s permissions and make sure they are relevant to the app’s functionality. If the app asks for unnecessary or excessive permissions, such as access to your contacts, messages, or camera, deny them or uninstall the app.
- Do not enter your card details, PIN, CVV, or OTP on any app that claims to offer rewards, discounts, or cashback. These are likely to be scams that aim to steal your money and data.
- Use a reliable antivirus or security app on your device and keep it updated. This can help you detect and remove any malicious apps or malware that may be hiding on your device.
- Enable 2FA on your bank account and use a strong and unique password. This can add an extra layer of security and prevent unauthorized access to your account.
Fake banking apps are a serious threat to the security and privacy of users in India. By following these tips, you can protect yourself from these apps and enjoy safe and secure banking.
