AxBanker Mobile Malware
AxBanker is a banking Trojan that specifically targets Android devices. It has been deployed as part of large attack campaigns against users in India. The threat actors use smishing (SMS phishing) to deliver the malware to the victims' devices. The fake applications carrying AxBanker are designed to visually impersonate the official applications of popular Indian banking organizations. The weaponized applications use fake promises of rewards and discounts as additional lures. Details about the threat were revealed to the public in a report published by security researchers.
Once activated on the victim's Android device, AxBanker will ask for SMS permissions. If the permissions are granted, it will abuse them to perform several invasive actions. More specifically, the banking Trojan will be able to stop any warnings that may be sent to the victim's device, intercept OTPs (one-time passwords) or compromise 2FA/MFA (two-factor/multi-factor authentication) codes.
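The SMS permission request described above is something a defender can check for before an app is installed or approved. The following is an added example, not code from the researchers' report: a triage script that reads an AndroidManifest.xml already decoded to text (for instance with apktool) and flags apps that request SMS access without being an SMS app. The sample manifest, the package name and the "suspicious" rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"

# Android permissions that give an app access to text messages.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",  # see incoming messages (OTP codes)
    "android.permission.READ_SMS",     # read the stored inbox
    "android.permission.SEND_SMS",     # send messages from the device
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"  # default SMS apps only

# Constructed sample: a "rewards" app that asks for SMS access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.rewards">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(manifest_xml: str) -> dict:
    """Summarize SMS-related permissions and receivers in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    sms_perms = sorted(requested & SMS_PERMISSIONS)
    listeners, is_sms_app = [], False
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if SMS_DELIVER in actions:       # app declares itself an SMS handler
            is_sms_app = True
        if SMS_RECEIVED in actions:      # app is notified of incoming SMS
            listeners.append(receiver.get(NAME))
    # Heuristic (assumption): SMS access in a non-SMS app deserves review.
    suspicious = bool(sms_perms) and not is_sms_app
    return {"package": root.get("package"), "sms_permissions": sms_perms,
            "sms_listeners": listeners, "suspicious": suspicious}


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A hit is a reason to review the app, not proof of malice, since some legitimate apps also request SMS access.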
To collect the victim's credentials and personal details, AxBanker will generate multiple phishing windows presented as offers for rewards and discounts. To receive the supposed rewards, users are asked to fill in the requested information. The threat asks for full names, dates of birth, phone numbers, email addresses and even credit/debit card details. The information is sensitive enough that, once compromised, it could lead to serious consequences for the victims. The cybercriminals may use the collected details to take over users' accounts, make fraudulent purchases and more.