Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
Essential information
- Published
- 05/02/2025 22:09
- Modified
- 06/02/2025 01:29
- Tags
- 2025-02-05 android banking trojan data breach fatboypanel firebase mobile malware otp theft phishing sms interception
- Related entities
- 200 observables, 1 intrusion sets (apt), 7 techniques (mitre), 1 malware, 3 others
Description
A mobile malware campaign targeting Indian banks has been uncovered, comprising nearly 900 samples aimed at Android devices. The malware, distributed via WhatsApp as fake government or banking apps, steals sensitive financial and personal data, including Aadhar and PAN card details, credit card information, and banking credentials. It intercepts SMS messages, including OTPs, to facilitate unauthorized transactions. The campaign uses three variants: SMS forwarding, Firebase exfiltration, and a hybrid approach. Over 222 exposed Firebase storage buckets contained 2.5GB of stolen data from an estimated 50,000 users. The malware's phone numbers were traced to West Bengal, Bihar, and Jharkhand. The campaign impersonates various Indian banks and government schemes to increase its reach.