Uncovering ICICI Phishing Campaign: New Fraud App Found
Sept. 24, 2024, 2:38 p.m.
Description
A malicious host mimicking ICICI Bank has been discovered, along with a fraudulent app disguised as ICICI Helpdesk. The phishing domain, cppcccare.com, is hosted on an ASN known for various malicious activities. The fraudulent app, named 'ICICI.apk', is detected as a Trojan Banker, Keylogger, and SMSspy. It's believed to have been operational since August 2024, with a falsely inflated download count of 500K+. The app's description matches other fraudulent apps, indicating a broader phishing campaign. The incident has been reported to the bank, hosting provider, and CERT-IN authorities. The article provides detailed technical information about the malicious domain and app, including file hashes and package details.
Date
- Created: Sept. 24, 2024, 2:09 p.m.
- Published: Sept. 24, 2024, 2:09 p.m.
- Modified: Sept. 24, 2024, 2:38 p.m.
Indicators
- cd89b4cc7dc155f30db39e31b30894ed11f3fb6ad0fe5b2d014b123e333084c6
- 77.37.34.191
- cppcccare.com
Attack Patterns
- T1608.001
- T1587.001
- T1102.002
- T1608.005
- T1036.005
- T1204.002
- T1566
Additional Information
- Finance
- British Indian Ocean Territory
- Cyprus
- India
- United Kingdom of Great Britain and Northern Ireland