A sophisticated malware campaign exploits a leading Indian bank's brand through fraudulent mobile applications. Distributed via phishing links and social engineering, these fake apps mimic legitimate bank apps, tricking users into revealing sensitive information. The malware uses advanced evasion techniques, including encrypted communication with C2 servers, dynamic payload execution, and runtime behavior alterations. The attackers aim for financial gain through credential theft, unauthorized transactions, and data sale on darknet forums. The campaign employs Telegram bots, SQL injection attacks, and XOR encryption. The analysis highlights the threat's impact and provides recommendations for mitigation, including advanced monitoring, vulnerability patching, and user education.