Infostealers Target Indian Bank Users to Steal Aadhaar, PAN, ATM, and Credit Card PINs

A new cybersecurity threat has surfaced in India, targeting bank customers with a sophisticated malware campaign designed to steal sensitive financial and personal information.

Discovery & Impact

Cybersecurity researchers at zLabs have identified nearly 900 malware samples, collectively named “FatBoyPanel”, aimed at compromising Aadhaar numbers, PAN cards, ATM PINs, and credit card details. The campaign has exposed the data of approximately 50,000 users, including SMS messages from Indian banks and government-issued identification details.

How the Malware Works

The malware is distributed via WhatsApp, disguised as APK files mimicking legitimate government or banking applications. Once installed, the fake apps trick users into entering their banking credentials. The malware also exploits SMS permissions, allowing it to intercept and exfiltrate OTPs, enabling unauthorized transactions.

Three Variants of the Malware:

  1. SMS Forwarding – Captures and sends intercepted SMS messages to an attacker’s phone number.
  2. Firebase-Exfiltration – Sends stolen messages to a Firebase command-and-control server.
  3. Hybrid – A combination of both methods, maximizing data theft.
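
For defenders triaging sideloaded APKs, the Python sketch below (an added example, not code from zLabs or this article) reads a decoded AndroidManifest.xml and reports which of the three behaviours the requested permissions would make possible. The permission-to-variant mapping, the label names, and the sample manifest with its package name are assumptions for illustration; permissions show capability only, not where data is actually sent.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample: decoded manifest of a hypothetical sideloaded "bank" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Bank KYC Update"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def classify(perms):
    """Map permissions to the variant they would enable (assumed heuristic)."""
    can_read = bool(perms & {P + "RECEIVE_SMS", P + "READ_SMS"})
    can_send = P + "SEND_SMS" in perms
    can_net = P + "INTERNET" in perms
    if not can_read:
        return "no-sms-access"            # cannot intercept OTP messages
    if can_send and can_net:
        return "hybrid-capable"           # both exfiltration paths available
    if can_send:
        return "sms-forwarding-capable"   # can relay SMS to a phone number
    if can_net:
        return "network-exfil-capable"    # can upload SMS to a remote server
    return "sms-read-only"


if __name__ == "__main__":
    print(classify(requested_permissions(SAMPLE_MANIFEST)))
```

Any result other than `no-sms-access` for an app that arrived over a messaging channel rather than an official store warrants closer analysis.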

Authorities & Security Measures

Researchers have identified over 1,000 phone numbers used in this campaign, which will be shared with authorities to track the cybercriminals.

To stay safe, users should:
✅ Download banking apps only from official app stores.
✅ Enable multi-factor authentication (MFA), including OTPs and biometric authentication.
✅ Avoid clicking on suspicious links or attachments from unknown sources.

With cyber threats evolving, it is crucial for both individuals and financial institutions to remain vigilant and strengthen security measures to combat emerging risks.
