216.73.216.170

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

· Published 05/02/2025 22:09 · Modified 06/02/2025 01:29

Export JSON

Essential information

Published
05/02/2025 22:09
Modified
06/02/2025 01:29
Tags
2025-02-05 android banking trojan data breach fatboypanel firebase mobile malware otp theft phishing sms interception
Related entities
200 observables, 1 intrusion sets (apt), 7 techniques (mitre), 1 malware, 3 others

Description

A campaign targeting Indian banks has been uncovered, comprising nearly 900 samples aimed at devices. The malware, distributed via WhatsApp as fake government or banking apps, steals sensitive financial and personal data, including Aadhar and PAN card details, credit card information, and banking credentials. It intercepts SMS messages, including OTPs, to facilitate unauthorized transactions. The campaign uses three variants: SMS forwarding, exfiltration, and a hybrid approach. Over 222 exposed storage buckets contained 2.5GB of stolen data from an estimated 50,000 users. The malware's phone numbers were traced to West Bengal, Bihar, and Jharkhand. The campaign impersonates various Indian banks and government schemes to increase its reach.

External references