
A new Android malware is disguising itself as SBI Card and Axis Bank applications to extract users’ financial information.

A sophisticated new Android malware campaign has emerged, specifically targeting Indian banking customers by impersonating popular financial applications. The malware masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, IndusInd Bank, ICICI, and Kotak, and deceives users into installing fake applications that steal sensitive financial information.

The malware is distributed through carefully crafted phishing websites that closely replicate official banking portals, using authentic visual elements and branding to establish credibility. These fraudulent sites feature prominent “Get App” and “Download” buttons that prompt unsuspecting users to install malicious APK files disguised as official banking applications. The campaign particularly targets Hindi-speaking users across India, leveraging cultural and linguistic familiarity to make the lure more convincing.

McAfee researchers have identified this threat as particularly dangerous due to its dual-purpose architecture, which combines traditional banking fraud with cryptocurrency mining. The malware not only harvests personal and financial data but also silently mines Monero cryptocurrency on infected devices, maximising the attackers’ financial gains from each compromised device.

What distinguishes this campaign from conventional banking trojans is its evasion mechanisms and remote activation capabilities. Upon installation, the malware presents users with a fake Google Play Store interface suggesting that an app update is required. This deceptive tactic builds user confidence while the malware prepares its malicious payload. The malware uses a two-stage payload delivery system designed to evade static analysis, which complicates both forensic analysis and automated detection.
