New Malware Targets Indian Bank Users to Steal Aadhaar, PAN, ATM & Credit Card PINs

A newly discovered malware campaign, “FatBoyPanel,” is targeting Indian bank users, stealing Aadhaar numbers, PAN details, ATM PINs, and credit card information. Researchers have identified nearly 900 malware samples designed to trick users into revealing sensitive data.

How the Attack Works:

  • The malware spreads via WhatsApp as APK files disguised as official banking or government apps.
  • Once installed, it mimics legitimate banking apps to steal user credentials.
  • It intercepts SMS messages, including one-time passwords (OTPs), to facilitate unauthorized transactions.
  • The malware has three key variants:
    - SMS Forwarding: Sends stolen SMS data to an attacker-controlled phone number.
    - Firebase Exfiltration: Sends data to a Firebase server acting as a command-and-control center.
    - Hybrid Variant: Combines both techniques for maximum data theft.
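
A triage sketch for the three variants described above, added here as an example and not taken from the article or the researchers' tooling. It assumes the suspicious APK has already been decoded (for example with apktool) into a text AndroidManifest.xml and res/values/strings.xml. The permission and Firebase heuristics and the function names are assumptions for illustration, not published FatBoyPanel indicators, and legitimate apps can match them too.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_SEND = "android.permission.SEND_SMS"
INTERNET = "android.permission.INTERNET"
# Resource names the Google Services Gradle plugin generates for Firebase apps.
FIREBASE_KEYS = {"firebase_database_url", "google_app_id"}

# Constructed sample input (not taken from a real FatBoyPanel sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_STRINGS = """<resources>
  <string name="app_name">Bank Update</string>
  <string name="firebase_database_url">https://example-project.firebaseio.com</string>
</resources>"""

def permissions(manifest_xml):
    """Return the set of permissions declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")}

def has_firebase(strings_xml):
    """True if the decoded string resources carry Firebase configuration."""
    root = ET.fromstring(strings_xml)
    return any(s.get("name") in FIREBASE_KEYS for s in root.iter("string"))

def classify(manifest_xml, strings_xml):
    """Map declared capabilities to the variant names used in the article."""
    perms = permissions(manifest_xml)
    if not perms & SMS_READ:
        return "no-sms-access"          # cannot read incoming OTP messages
    forwards = SMS_SEND in perms        # able to relay SMS to a phone number
    uploads = INTERNET in perms and has_firebase(strings_xml)
    if forwards and uploads:
        return "hybrid"
    if forwards:
        return "sms-forwarding"
    if uploads:
        return "firebase-exfiltration"
    return "sms-read-only"

if __name__ == "__main__":
    print(classify(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

A match only ranks a side-loaded APK for closer analysis; it does not confirm that the file belongs to this campaign.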

Major Impacts:

  • 50,000+ users affected, with stolen bank details, card credentials, and government-issued IDs.
  • Over 1,000 attacker-controlled phone numbers identified in the operation.
  • The stolen data enables fraudulent banking transactions and identity theft.

How to Stay Protected:

  • Download apps only from trusted sources (Google Play Store, Apple App Store).
  • Enable multi-factor authentication (MFA), such as OTP or biometric authentication.
  • Avoid clicking on unknown links or downloading APK files from WhatsApp or emails.
  • Monitor bank statements regularly for suspicious transactions.
  • Use a trusted mobile security solution like NPAV Mobile Security to detect and block malware threats.