FakeReward Mobile Malware Used Against Indian Victims
FakeReward is the name of a mobile malware package that was discovered by security researchers in late November 2022.
The malware targets the Android platform and functions very similarly to a banking trojan. Researchers stated that it was distributed using phishing text messages, primarily to bank customers located in India, who were using some of the biggest legitimate banks.
FakeReward comes in malicious packages for Android, tailor-made to resemble the visual branding and imagery of the legitimate banking institutions. The malicious app asks victims to give it permission to access and work with SMS messages. This will allow the malware to intercept multi-factor authentication codes such as single-use codes.
The fake apps also offer rewards and various discounts. However, in order to gain access to the fake rewards, the victims need to provide sensitive information for themselves. The malware attempts to collect all sorts of data from the device related to the user, which includes real, full names, mobile numbers, emails, dates of birth and even card numbers.
The amount of information a user might potentially reveal in the fake apps, thinking they are interacting with their real bank, is scary and can turn into a real privacy disaster.