Zscaler’s ThreatLabz researchers recently observed the rise of a sophisticated phishing campaign spreading via fake banking sites targeting big indian banks like HDFC, AXIS and SBI. The team will continue monitoring the emerging situation and will provide an update on any significant new developments. Previously, ThreatLabz researchers observed Indian banking customers being targeted with fake complaint forms from phishing sites spreading short message service (SMS) mobile text stealer malwares. In contrast, this new campaign leverages fake card update sites to spread Android-based phishing malware aimed at collecting banking information for financial fraud.
Campaign 1: Targeting HDFC and Axis banks
Threatlabz researchers observed domains serving links for fake bank related application downloads as shown in Fig.1 and Fig.2 below.
Fig 1. Imitation application phishing site targeting HDFC bank customers
Fig 2. Imitation application phishing site targeting Axis bank customers
The two screenshots shown above show how these phishing scammers impersonate banking sites to gain customers’ sensitive information by incentivizing them to fill out fake applications to redeem their earned card points for cash or a voucher. In most cases, these sites are being spread through SMS text messages to victims. Once a user clicks on the contained link, the victim is prompted to install an android-based phishing malware, designed to steal critical financial data.
Fig 3. Phishing page for…
