Fake Apps Of SBI, ICICI, Axis, Citi Bank May Have Stolen Data Of 160,000 Customers

These fake apps are luring customers with interest-free loan, cashbacks, and home delivery of cash.

Fake banking apps are stealing your data
Fake banking apps are stealing your data

Fraudsters have now resorted to fake banking apps, to steal data from gullible users. And they are doing this with some fair amount of success as well.

As per a recent report by IT Security firm, as many as 160,000 users may have been impacted by this new fraud.

You will be surprised to find how they are fooling people. Keep reading to find out more.


Fake Banking Apps Are Here: Beware!

As per the latest report by SophosLabs, tons of fake banking apps have emerged in recent time, which are fooling bank users, and stealing their data.

Disguised in the design and colors (and sometimes usability) of actual apps, these fake apps are being downloaded as non-tech savvy bank users are not able to distinguish between real and fake apps.

Once installed, these apps will steal the personal details of the customers, and most probably sell them in the black market.

Which Banks Are Targeted?

As per the report, there are mainly 7 banks, which are prime targets in this fake business of apps:

State Bank of India (SBI), ICICI Bank, Indian Overseas Bank, Axis Bank, Bank of Baroda, Yes Bank, and Citibank.

As many as 160,000 have downloaded these fake apps, and lost their data.

Fake Banking Apps: Modus Operandi

SophosLabs has found that these fake apps are luring mobile users with special discounts, cashbacks, interest-free loans and more.

One of the fake app even offered free cash withdrawal service: Order cash withdrawal from the app, and they will deliver the cash right into your home. SophosLabs said, “It probably did deliver cash to someone, but the recipient probably wasn’t the victim.”

Some of these apps are also using images of popular actors (Amitabh Bachchan) and politicians (PM Modi) to incite trust.

What Are These Fake Apps Stealing?

Once installed, most of these apps ask for the users’ bank account details, debit/credit cards, name, address and phone numbers. They ask for these details, so that the app can fetch current bank balance.

Other apps are even asking for Aadhaar, PAN Card details from the users.

Once the information is submitted, the details are sent to a command center, without any verification. SophosLabs found that most of the apps are sending data to a common command center, which signifies the role of an organized gang of hackers.

SophosLabs has partially blamed Google for this fiasco, as they said, “The threat is underscored by the fact that such malware found and continues to find its way into Google Play, which remains one of the most common source of Android apps today, used by millions of users worldwide.”

Banks Respond

Some banks have informed TOI that they have alerted CERT-In — the national nodal agency for responding to computer security incidents.

YES Bank has informed that their ‘cyber fraud department’ is looking into this matter.

There has been no response from SBI, ICICI Bank and Axis Bank. Citi Bank has said that their bank was not impacted due to these fake apps.

We will keep you updated, as more details come in.

Leave A Reply

Your email address will not be published.

who's online