A newly discovered Android banking malware campaign is targeting users across India by exploiting a familiar process: Know Your Customer (KYC) verification. Security researchers at Cyfirma have identified this threat, named KYCShadow, which spreads primarily through WhatsApp messages.

The attack begins with a deceptive message urging users to complete an urgent KYC update. Victims are prompted to download what appears to be an official banking application. However, once installed, the app quietly begins collecting highly sensitive financial data.

The fake application mimics legitimate KYC workflows, guiding users through a series of convincing screens. It asks for details such as mobile numbers, ATM PINs, Aadhaar information, and debit card credentials. After submission, users see a reassuring message stating that verification is in progress, while in reality their data is already being sent to attacker-controlled servers.

What makes KYCShadow particularly dangerous is its multi-stage design. The initial app acts as a dropper, secretly installing a second, more powerful payload in the background. This secondary malware gains extensive permissions, allowing it to intercept SMS messages, capture OTPs in real time, send messages remotely, and even place calls without the user’s knowledge.

To remain undetected, the malware hides its icon from the device and runs silently. It also activates a VPN connection that routes all internet traffic through malicious infrastructure. This enables attackers to monitor activity and block connections to security tools that might otherwise detect the infection.

Additionally, the malware establishes a persistent communication channel using cloud messaging services, allowing attackers to issue commands such as extracting inbox data, forwarding calls, and executing USSD operations.
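The capabilities described above (SMS interception and sending, call placement, a VPN service that captures all traffic, a dropper that installs a second package, and a hidden launcher icon) each leave a footprint in an app's AndroidManifest.xml. The following triage script is an added example written for this article, not code from Cyfirma or from the report; it assumes the manifest has already been decoded from an APK's binary XML into plain text (for example with apktool), and the mapping of capability groups to permissions is this example's own heuristic, not a published detection signature. The permission and intent names are real Android framework constants; the two manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Heuristic mapping (this example's own) from the capability groups reported for
# KYCShadow to the <uses-permission> entries an app needs to exercise them.
PERMISSION_CAPABILITIES = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms_sending": {"android.permission.SEND_SMS"},
    "call_placement": {"android.permission.CALL_PHONE"},
    "package_dropping": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

# Constructed sample: a KYC-themed manifest with the full capability set and no launcher entry.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.kycupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".NetService" android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
    <activity android:name=".Main" android:exported="true"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs network access and has a visible icon.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def uses_permissions(root):
    """Set of permission names the app requests."""
    return {el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)}


def vpn_services(root):
    """Services guarded by BIND_VPN_SERVICE, i.e. declared VpnService implementations."""
    return [s.get(NAME) for s in root.iter("service")
            if s.get(PERMISSION_ATTR) == "android.permission.BIND_VPN_SERVICE"]


def has_launcher_entry(root):
    """True if any activity or alias declares a MAIN/LAUNCHER intent filter (a home-screen icon)."""
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in comp.iter("intent-filter"):
            actions = {a.get(NAME) for a in flt.iter("action")}
            categories = {c.get(NAME) for c in flt.iter("category")}
            if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in categories:
                return True
    return False


def triage_manifest(xml_text):
    """Score a decoded manifest against the capability profile described in the article."""
    root = ET.fromstring(xml_text)
    perms = uses_permissions(root)
    capabilities = {cap: sorted(perms & needed)
                    for cap, needed in PERMISSION_CAPABILITIES.items() if perms & needed}
    vpn = vpn_services(root)
    launcher_visible = has_launcher_entry(root)
    # One point per capability group, one for a VPN service, one for a missing launcher icon.
    score = len(capabilities) + (1 if vpn else 0) + (0 if launcher_visible else 1)
    return {
        "package": root.get("package"),
        "capabilities": capabilities,
        "vpn_services": vpn,
        "launcher_visible": launcher_visible,
        "score": score,
        "verdict": "review" if score >= 3 else "low",
    }


if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(manifest))
```

A missing launcher entry in the manifest is only one way an icon ends up hidden; KYCShadow may disable its launcher component at runtime, which this static check cannot see, so the score is a triage aid for analysts, not a classifier.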

Experts strongly advise users to avoid installing apps received via messaging platforms like WhatsApp. Only download applications from trusted sources, keep “Install Unknown Apps” disabled, and never share sensitive banking details through unofficial interfaces.

With cybercriminals increasingly leveraging social engineering tactics, staying cautious and informed remains the first line of defense.
