Scammers stealing banking credentials using trojan mobile phone apk apps - Part 1

Do not take sweets from strangers


We are now seeing scams in which people receive WhatsApp or Facebook Messenger messages offering really good deals on electrical goods and are then asked to download an e-commerce app (an APK file); in this case it is an app called JiaBao 家宝. The name sounds like Taobao, which helps it fool people. An APK file is the Android equivalent of an exe file on Windows: it is an Android software package.

The APK file is actually a trojan malware program that captures the user's banking details and hijacks the SMS messages on the user's phone. It has two parts: the first captures banking details through the shopping feature of the app, which asks users to enter them; the second hijacks the SMS messages on the user's phone.

Android does not block the program because it behaves just like a legitimate SMS reader: it simply presents itself as the default SMS app on your phone. Once it is the default SMS app, it can read every SMS that arrives on the phone, which makes stealing the OTP code possible. This scam does not affect iPhone users.
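To show what "presents itself as the default SMS program" looks like from a reviewer's side, here is an added example (not code from the scam app or from any analysis tool) that audits an AndroidManifest.xml for SMS permissions and default-SMS-handler components. It assumes the manifest has already been decoded to text XML; the package name, component name and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
# Intent actions an app handles in order to be eligible as the default SMS app.
DEFAULT_SMS_ACTIONS = {
    "android.provider.Telephony.SMS_DELIVER",
    "android.provider.Telephony.WAP_PUSH_DELIVER",
    "android.intent.action.RESPOND_VIA_MESSAGE",
}
# Constructed sample: a "shopping" app that also declares an SMS handler.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsReceiver"
              android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def audit_manifest(manifest_xml):
    """Report SMS permissions and default-SMS-handler components."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    handlers = set()
    for tag in ("receiver", "service"):
        for component in root.iter(tag):
            for action in component.iter("action"):
                if action.get(ANDROID + "name") in DEFAULT_SMS_ACTIONS:
                    handlers.add(component.get(ANDROID + "name") or "")
    readers = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(requested & SMS_PERMISSIONS),
        "default_sms_handlers": sorted(handlers),
        "can_read_incoming_sms": bool(handlers or requested & readers),
    }

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A shopping app has no reason to declare any of these, so a non-empty `default_sms_handlers` list on such an app is a strong reason not to install it.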

This scam can also happen with banking apps, but using a shopping app makes it much easier to phish for a user's banking ID and password.


Maybank became aware of this case and has created a series of campaigns to warn customers about downloading APK files from unknown users. This shows that this kind of malware APK can also be used to target banking apps.

Part 1 article is here.

📍Links

https://www.thestar.com.my/news/nation/2022/02/10/cops-warn-of-new-tactic-by-scammers-to-steal-from-accounts-without-victims039-knowledge