{"id":206689,"date":"2024-12-12T15:07:26","date_gmt":"2024-12-12T23:07:26","guid":{"rendered":"https:\/\/www.mcafee.com\/blogs\/?p=206689"},"modified":"2025-05-27T20:04:24","modified_gmt":"2025-05-28T03:04:24","slug":"a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/","title":{"rendered":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India"},"content":{"rendered":"<p style=\"font-weight: 400;\"><em>Authored by Dexter Shin<\/em><\/p>\n<p style=\"font-weight: 400;\">Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile Research Team discovered a new Android banking trojan targeting Indian users. This malware disguises itself as essential services, such as utility (e.g., gas or electricity) or banking apps, to get sensitive information from users. These types of services are vital for daily life, making it easier to lure users. We have previously observed <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-spynote-attacks-electric-and-water-public-utility-users-in-japan\/\">malware that masquerades as utility services in Japan<\/a>. As seen in such cases, utility-related messages, such as warnings that gas service will disconnect soon unless the bill is checked, can cause significant alarm and prompt immediate action from the users.<\/p>\n<p style=\"font-weight: 400;\">We have identified that this malware has infected 419 devices, intercepted 4,918 SMS messages, and stolen 623 entries of card or bank-related personal information. Given the active malware campaigns, these numbers are expected to rise. McAfee Mobile Security already detects this threat as Android\/Banker. 
For more information, visit <a href=\"https:\/\/www.mcafee.com\/en-us\/antivirus\/mobile.html?path=blogs\">McAfee Mobile Security<\/a>.<\/p>\n<h2 style=\"font-weight: 400;\"><strong>Phishing through messaging platforms like WhatsApp<\/strong><\/h2>\n<p style=\"font-weight: 400;\">As of 2024, India is the country with the highest number of monthly active WhatsApp users. This makes it a prime target for phishing attacks. We&#8217;ve previously introduced <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/shielding-against-android-phishing-in-indian-banking\/\">another Banker distributed via WhatsApp<\/a>. Similarly, we suspect that the sample we recently found also uses messaging platforms to reach individual users and trick them into installing a malicious APK. If a user installs this APK, it will allow attackers to steal the victim&#8217;s financial data, thereby accomplishing their malicious goal.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-206811\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1.jpg\" alt=\"\" width=\"311\" height=\"531\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1.jpg 878w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1-176x300.jpg 176w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1-600x1024.jpg 600w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1-768x1311.jpg 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-1-76x129.jpg 76w\" sizes=\"auto, (max-width: 311px) 100vw, 311px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 1.
Scammer messages reaching users via WhatsApp (source: <a href=\"https:\/\/www.reddit.com\/r\/IsThisAScamIndia\/comments\/1g74weu\/got_this_igl_gas_scam_message\/\">Reddit<\/a>)<\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"text-align: left;\"><strong>Inside the malware<\/strong><\/h2>\n<p style=\"font-weight: 400;\">The malware we first identified was pretending to be an app that allowed users to pay their gas bills. It used the logo of PayRup, a digital payment platform for public service fees in India, to make it look more trustworthy to users.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-206691\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2.png\" alt=\"\" width=\"558\" height=\"596\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2.png 1052w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2-281x300.png 281w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2-958x1024.png 958w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2-768x821.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-2-121x129.png 121w\" sizes=\"auto, (max-width: 558px) 100vw, 558px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 2. Malware disguised as gas bills digital payment app<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\">Once the app is launched and the permissions, which are designed to steal personal data such as SMS messages, are granted, it asks the user for financial information, such as card details or bank account information. Since this malware pretends to be an app for paying bills, users are likely to input this information to complete their payments.
On the bank page, you can see major Indian banks like SBI and Axis Bank listed as options.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-206706\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3.png\" alt=\"\" width=\"821\" height=\"591\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3.png 1530w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3-300x216.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3-1024x736.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3-768x552.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-3-179x129.png 179w\" sizes=\"auto, (max-width: 821px) 100vw, 821px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 3. Malware that requires financial data<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\">If the user inputs their financial information and tries to make a payment, the data is sent to the command and control (C2) server. 
Meanwhile, the app displays a payment failure message to the user.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206721\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4.png\" alt=\"\" width=\"1710\" height=\"1034\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4.png 1710w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4-300x181.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4-1024x619.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4-768x464.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4-1536x929.png 1536w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-4-205x124.png 205w\" sizes=\"auto, (max-width: 1710px) 100vw, 1710px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 4. Payment failure message displayed but data sent to C2 server<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\">One thing to note about this app is that it can&#8217;t be launched directly by the user through the launcher. For an Android app to appear in the launcher, it needs to have \u201candroid.intent.category.LAUNCHER\u201d defined within an &lt;intent-filter&gt; in the AndroidManifest.xml. However, since this app doesn&#8217;t have that category, its icon doesn&#8217;t appear.
Consequently, after being installed and launched from a phishing message, users may not immediately realize the app is still installed on their device, even if they close it after seeing messages like &#8220;Bank Server is Down&#8221;, effectively keeping it hidden.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206736\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5.png\" alt=\"\" width=\"1028\" height=\"326\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5.png 1028w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5-300x95.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5-1024x325.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5-768x244.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-5-205x65.png 205w\" sizes=\"auto, (max-width: 1028px) 100vw, 1028px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 5. AndroidManifest.xml for the sample<\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"text-align: left;\"><strong>Exploiting Supabase for data exfiltration<\/strong><\/h2>\n<p style=\"font-weight: 400;\">In previous reports, we&#8217;ve introduced various C2 servers used by malware. However, this malware stands out due to its unique use of Supabase, an open-source database service. Supabase is an open-source backend-as-a-service, similar to Firebase, that provides a PostgreSQL-based database, authentication, real-time features, and storage. It helps developers quickly build applications without managing backend infrastructure. It also supports RESTful APIs for managing the database.
This malware exploits these APIs to store stolen data.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206751\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6.png\" alt=\"\" width=\"1510\" height=\"470\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6.png 1510w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6-300x93.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6-1024x319.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6-768x239.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-6-205x64.png 205w\" sizes=\"auto, (max-width: 1510px) 100vw, 1510px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 6. App code using Supabase<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\">A JWT (JSON Web Token) is required to utilize Supabase through its RESTful APIs. Interestingly, the JWT token is exposed in plain text within the malware&#8217;s code. This provided us with a unique opportunity to further investigate the extent of the data breach. 
By leveraging this token, we were able to access the Supabase instance used by the malware and gain valuable insights into the scale and nature of the data exfiltration.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206766\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7.png\" alt=\"\" width=\"1920\" height=\"401\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7.png 1920w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7-300x63.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7-1024x214.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7-768x160.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7-1536x321.png 1536w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-7-205x43.png 205w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 7. JWT token exposed in plaintext<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\">During our investigation, we discovered a total of 5,558 records stored in the database. The first of these records was dated October 9, 2024. 
As previously mentioned, these records include 4,918 SMS messages and 623 entries of card information (number, expiration date, CVV) and bank information (account numbers, login credentials like ID and password).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206781\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8.png\" alt=\"\" width=\"1348\" height=\"950\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8.png 1348w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8-300x211.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8-1024x722.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8-768x541.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-8-183x129.png 183w\" sizes=\"auto, (max-width: 1348px) 100vw, 1348px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 8. Examples of stolen data<\/p>\n<p>&nbsp;<\/p>\n<h3 style=\"text-align: left;\"><strong>Uncovering variants by package prefix<\/strong><\/h3>\n<p style=\"font-weight: 400;\">The initial sample we found had the package name \u201cgs_5.customer\u201d. Through investigation of their database, we identified 8 unique package prefixes. These prefixes provide critical clues about the potential scam themes associated with each package. 
By examining the package names, we can infer specific characteristics and likely focus areas of the various scam operations.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"189\">Package Name<\/td>\n<td width=\"302\">Scam Theme<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">ax_17.customer<\/td>\n<td width=\"302\">Axis Bank<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">gs_5.customer<\/td>\n<td width=\"302\">Gas Bills<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">elect_5.customer<\/td>\n<td width=\"302\">Electrical Bills<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">icici_47.customer<\/td>\n<td width=\"302\">ICICI Bank<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">jk_2.customer<\/td>\n<td width=\"302\">J&amp;K Bank<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">kt_3.customer<\/td>\n<td width=\"302\">Karnataka Bank<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">pnb_5.customer<\/td>\n<td width=\"302\">Punjab National Bank<\/td>\n<\/tr>\n<tr>\n<td width=\"189\">ur_18.customer<\/td>\n<td width=\"302\">Uttar Pradesh Co-Operative Bank<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"font-weight: 400;\">Based on the package names, it seems that once a scam theme is selected, at least 2 different variants are developed within that theme. This variability not only complicates detection efforts but also increases the potential reach and impact of their scam campaigns.<\/p>\n<h2 style=\"font-weight: 400;\"><strong>Mobile app management of C2<\/strong><\/h2>\n<p style=\"font-weight: 400;\">Based on the information uncovered so far, we found that the malware actor has developed and is actively using an app to manage the C2 infrastructure directly from a device. This app can send commands to forward SMS messages from the victim&#8217;s active phones to specified numbers. This capability differentiates it from previous malware, which typically manages C2 servers via web interfaces. The app stores various configuration settings through Firebase.
Notably, it utilizes Firebase \u201cRealtime Database\u201d rather than Firestore, likely due to its simplicity for basic data retrieval and storage.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-206796\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9.png\" alt=\"\" width=\"1920\" height=\"1016\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9.png 1920w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9-300x159.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9-1024x542.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9-768x406.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9-1536x813.png 1536w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2024\/12\/figure-9-205x108.png 205w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 9. C2 management mobile application<\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"text-align: left;\"><strong>Conclusion<\/strong><\/h2>\n<p style=\"font-weight: 400;\">Based on our research, we have confirmed that 419 unique devices have already been infected. However, considering the continual development and distribution of new variants, we anticipate that this number will steadily increase. This trend underscores the persistent and evolving nature of this threat, emphasizing the need for careful observation and flexible security strategies.<\/p>\n<p style=\"font-weight: 400;\">As mentioned at the beginning of the report, many scams originate from messaging platforms like WhatsApp. Therefore, it&#8217;s crucial to remain cautious when receiving messages from unknown or uncertain sources. Additionally, given the clear emergence of various variants, we recommend using security software that can quickly respond to new threats. 
Furthermore, by employing <a href=\"https:\/\/www.mcafee.com\/en-us\/antivirus\/mobile.html?path=blogs\">McAfee Mobile Security<\/a>, you can bolster your defense against such sophisticated threats.<\/p>\n<h2 style=\"font-weight: 400;\"><strong>Indicators of Compromise (IOCs)<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p style=\"font-weight: 400;\">APKs:<\/p>\n<table style=\"font-weight: 400;\">\n<tbody>\n<tr>\n<td width=\"264\">SHA256<\/td>\n<td width=\"161\">Package Name<\/td>\n<td width=\"176\">App Name<\/td>\n<\/tr>\n<tr>\n<td width=\"264\">b7209653e226c798ca29343912cf21f22b7deea4876a8cadb88803541988e941<\/td>\n<td width=\"161\">gs_5.customer<\/td>\n<td width=\"176\">Gas Bill Update<\/td>\n<\/tr>\n<tr>\n<td width=\"264\">7cf38f25c22d08b863e97fd1126b7af1ef0fcc4ca5f46c2384610267c5e61e99<\/td>\n<td width=\"161\">ax_17.customer<\/td>\n<td width=\"176\">Client Application<\/td>\n<\/tr>\n<tr>\n<td width=\"264\">745f32ef020ab34fdab70dfb27d8a975b03e030f951a9f57690200ce134922b8<\/td>\n<td width=\"161\">ax_17.number<\/td>\n<td width=\"176\">Controller Application<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"font-weight: 400;\">Domains:<\/p>\n<ul>\n<li>https[:\/\/]luyagyrvyytczgjxwhuv.supabase.co<\/li>\n<\/ul>\n<p style=\"font-weight: 400;\">Firebase:<\/p>\n<ul>\n<li>https[:\/\/]call-forwarder-1-default-rtdb.firebaseio.com<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. 
Recently, McAfee&#8230;<\/p>\n","protected":false},"author":695,"featured_media":185601,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4136],"class_list":["post-206689","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. 
Recently, McAfee Mobile\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-12T23:07:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T03:04:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India\",\"datePublished\":\"2024-12-12T23:07:26+00:00\",\"dateModified\":\"2025-05-28T03:04:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\"},\"wordCount\":1228,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\",\"name\":\"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png\",\"datePublished\":\"2024-12-12T23:07:26+00:00\",\"dateModified\":\"2025-05-28T03:04:24+00:00\",\"description\":\"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png\",\"width\":300,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"
@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee 
Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog","description":"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog","og_description":"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. 
Recently, McAfee Mobile","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2024-12-12T23:07:26+00:00","article_modified_time":"2025-05-28T03:04:24+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png","type":"image\/png"}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in 
India","datePublished":"2024-12-12T23:07:26+00:00","dateModified":"2025-05-28T03:04:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/"},"wordCount":1228,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/","name":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png","datePublished":"2024-12-12T23:07:26+00:00","dateModified":"2025-05-28T03:04:24+00:00","description":"Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. 
Recently, McAfee Mobile","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/06\/300x200_Blog_030624.png","width":300,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"A New Android Banking Trojan Masquerades as Utility and Banking Apps in India"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security 
News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. 
See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/206689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=206689"}],"version-history":[{"count":16,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/206689\/revisions"}],"predecessor-version":[{"id":214485,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/206689\/revisions\/214485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/185601"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=206689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=206689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=206689"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=206689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}